Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks

APT24, a PRC-nexus actor, executed a nearly three-year targeted phishing and web compromise campaign leveraging supply-chain techniques, multi-layered social engineering, pixel tracking, and abuse of legitimate cloud storage (Google Drive/OneDrive) to distribute BADAUDIO malware; Google GTIG and partners observed and mitigated activity and published related IOCs.