APT27
ID: 4790138f-10b2-51ec-89b1-38ef6132efe7
STIX ID: report--4790138f-10b2-51ec-89b1-38ef6132efe7
Feed Name: Brandefense Blog
This report profiles APT27, a China-aligned advanced persistent threat active from at least 2012 through 2025 that conducts long-term cyber-espionage against governments, defense contractors, critical infrastructure, telecoms, and research organizations across Asia, Europe, and North America. It describes spearphishing, exploit-driven access, credential-harvesting portals, RATs (PlugX, HyperBro), custom loaders, web shells, DLL side-loading, distributed encrypted C2, and improved OPSEC and target selection.
