
China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

ID: 79af711d-9dd3-51b4-b118-cfed8bddcbc1

STIX ID: report--79af711d-9dd3-51b4-b118-cfed8bddcbc1

Feed Name: HackRead

Threat Score
85/100

Date Published: 2026-05-14

Date Updated: 2026-05-14

Author: Deeba Ahmed

...
...

**Executive summary:** Security researchers attributed a wave of espionage intrusions across Japan and the Asia-Pacific to a China-linked actor tracked as Twill Typhoon. The actor relies on DLL sideloading, in which a legitimate executable (e.g., Sogou Pinyin, dfsvc.exe, vshost.exe) is tricked into loading an attacker-supplied DLL, to run the modular FDMTP malware, and it keeps long-lived access through scheduled tasks and registry entries. Observed artifacts include dnscfg.dll, Assist.dll and Persist.WpTask.dll, and infrastructure includes look-alike CDN domains such as yahoo-cdn.it.com and icloud-cdn.net.
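The summary names the three pieces a defender can hunt for: a known-abused host process loading a DLL that should not be there, persistence created through schtasks or a Run key, and DNS lookups for the look-alike CDN domains. The script below is an added example, not code from the article or from the researchers it cites. It runs the corresponding checks over Sysmon-style events (Event ID 7 image load, 1 process creation, 22 DNS query) that have already been parsed into dictionaries. The event records are constructed for the example; only the DLL names, the dfsvc.exe / vshost.exe host names and the two domains come from the article. The Sogou process file name (`sogoupinyin.exe`), the trusted-directory list and the field names are assumptions to be adjusted to your telemetry.

```python
"""Hunt for Twill Typhoon-style DLL sideloading, persistence and C2 DNS in Sysmon events.

Added example (not the article's or the researchers' code). Input: Sysmon events
already parsed into dicts. Sample events below are constructed; only the DLL,
host-process and domain indicators come from the article.
"""
from __future__ import annotations

import ntpath  # parses Windows paths correctly even when run on Linux/macOS

# Indicators named in the article (lower-cased for comparison).
IOC_DLLS = {"dnscfg.dll", "assist.dll", "persist.wptask.dll"}
IOC_DOMAINS = {"yahoo-cdn.it.com", "icloud-cdn.net"}
# Host binaries the article says are abused. "sogoupinyin.exe" is an ASSUMED
# file name for the Sogou Pinyin IME; confirm it against your own inventory.
SIDELOAD_HOSTS = {"dfsvc.exe", "vshost.exe", "sogoupinyin.exe"}

# Directories from which a Windows host process may legitimately load DLLs.
# This is an assumed, tunable allow-list; extend it for your environment.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
    r"c:\windows\microsoft.net",
    r"c:\program files",
    r"c:\program files (x86)",
)


def _basename(path: str) -> str:
    return ntpath.basename(path).lower()


def _dirname(path: str) -> str:
    return ntpath.dirname(path).lower()


def _in_trusted_dir(path: str) -> bool:
    d = _dirname(path)
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)


def check_image_load(ev: dict) -> list[str]:
    """Sysmon Event ID 7: a process loaded a DLL."""
    img = _basename(ev["Image"])
    dll = _basename(ev["ImageLoaded"])
    reasons = []
    if dll in IOC_DLLS:
        reasons.append(f"known Twill Typhoon DLL {dll}")
    if img in SIDELOAD_HOSTS and not _in_trusted_dir(ev["ImageLoaded"]):
        reasons.append(f"{img} loaded a DLL from outside a trusted directory")
    # Classic sideload: the DLL sits next to the host binary and is unsigned.
    if (img in SIDELOAD_HOSTS
            and _dirname(ev["Image"]) == _dirname(ev["ImageLoaded"])
            and str(ev.get("Signed", "false")).lower() != "true"):
        reasons.append(f"unsigned DLL loaded from {img}'s own directory")
    return reasons


def check_process_create(ev: dict) -> list[str]:
    """Sysmon Event ID 1: persistence via schtasks or a Run key naming an IOC."""
    exe = _basename(ev["Image"])
    cmd = ev.get("CommandLine", "").lower()
    mentions_ioc = any(n in cmd for n in IOC_DLLS | SIDELOAD_HOSTS)
    reasons = []
    if exe == "schtasks.exe" and "/create" in cmd and mentions_ioc:
        reasons.append("scheduled task created to launch a known sideload host or DLL")
    if exe == "reg.exe" and "\\currentversion\\run" in cmd and mentions_ioc:
        reasons.append("Run-key persistence pointing at a known sideload host or DLL")
    return reasons


def check_dns(ev: dict) -> list[str]:
    """Sysmon Event ID 22: DNS query for the look-alike CDN domains or a subdomain."""
    q = ev.get("QueryName", "").lower().rstrip(".")
    for dom in IOC_DOMAINS:
        if q == dom or q.endswith("." + dom):
            return [f"DNS query for Twill Typhoon infrastructure {dom}"]
    return []


CHECKS = {7: check_image_load, 1: check_process_create, 22: check_dns}


def hunt(events: list[dict]) -> list[dict]:
    """Return one finding per event that trips at least one check."""
    findings = []
    for i, ev in enumerate(events):
        reasons = CHECKS.get(ev.get("EventID"), lambda _e: [])(ev)
        if reasons:
            findings.append({"index": i, "EventID": ev["EventID"], "reasons": reasons})
    return findings


# Constructed sample telemetry, not real events from the intrusions described.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\Public\Libraries\dfsvc.exe",
     "ImageLoaded": r"C:\Users\Public\Libraries\dnscfg.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\dnsapi.dll", "Signed": "true"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /sc onlogon /tn Updater /tr "C:\Users\Public\Libraries\vshost.exe"'},
    {"EventID": 22, "Image": r"C:\Users\Public\Libraries\dfsvc.exe",
     "QueryName": "yahoo-cdn.it.com"},
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.yahoo.com"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["index"], f["EventID"], "; ".join(f["reasons"]))
```

The image-load rule deliberately fires on the behaviour (an abused host binary loading an unsigned DLL from its own, non-system directory) and not only on the three published DLL names, so a renamed payload still surfaces; the trade-off is that a legitimately relocated copy of one of those executables will also be flagged and needs triage.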
