Skip to content
Auto-CTI
Back to all actors

China-linked

Nation-state Espionage Dormant
Mentions
1
First seen
16 Jun 2026
Last seen
16 Jun 2026

Relevant to you ยท Relevant

Threat focus:
espionage / apt

Origin

Unattributed

Sources

inferred Confidence high

Profile

A China-linked threat actor is using the SprySOCKS backdoor, which has expanded to Windows systems with driver-based stealth. Recent reporting indicates an expansion of capabilities. No information on targets or affected regions is available yet.

Associated malware / tools

SprySOCKS

Activity (8 weeks)

22
23
24
25
26
27
28
29

Recent activity

ESC

โ€ฆ