Unfading Sea Haze: New Espionage Campaign in the South China Sea
ID: 18b3695e-5f50-569a-a44c-319b0f7eca1a
STIX ID: report--18b3695e-5f50-569a-a44c-319b0f7eca1a
Feed Name: Bitdefender Labs
Bitdefender documents an espionage campaign by the Unfading Sea Haze APT, active since at least 2018, that targeted at least eight military and government organizations in the South China Sea region. The actor uses spearphishing (ZIP archives containing LNK files), multiple backdoors and Gh0stRat variants, and legitimate RMM tools to maintain access and exfiltrate documents, browser data, and messaging files. The whitepaper and the Bitdefender intelligence portal provide IOCs and deeper analysis.
