QiAnXin Threat Intelligence Center and Falcon Operations Team observed in their daily operations that in June 2024, several foreign counterparts reported in-the-wild attacks related to the new attack technique GrimResource.
QiAnXin Threat Intelligence Center and Falcon Operations Team promptly conducted research on this technique and have been continuously monitoring it. In mid-July 2024, they discovered the first attack incident in government and enterprise terminals, and the researchers classified the nature of the attack as black industry. The GrimResource technique exploits the XSS vulnerability in mmc system files to execute JS code and uses DotNetToJScript to load arbitrary .NET programs into memory. This not only bypasses ActiveX control warnings but also enables fileless payload execution.
Read more…
Source: QiAnXin Threat Intelligence Center/Falcon Operations Team
Related:
- China: Authorities tell domestic companies to stop using US and Israeli cybersecurity software
January 14, 2026
Chinese authorities have told domestic companies to stop using cybersecurity software made by more than a dozen firms from the U.S. and Israel due to national security concerns, three people briefed on the matter said. As trade and diplomatic tensions flare between China and the U.S. and both sides vie for tech supremacy, Beijing has been ...
- 2025 was a terrible year for the ‘Four Families’ accused of running global cyber scam operations
January 4, 2026
People traded as commodities, iron cages used for punishment, severed fingers and even human sacrifice. These grisly details, revealed during interrogations of some of Asia’s most notorious criminal magnates, expose the horror of life in the many scam factories that dot Myanmar’s rugged and lawless border with China. The suspects were alleged members of powerful crime ...
- Cisco email security products actively targeted in zero-day campaign
December 19, 2025
A China-affiliated threat actor has been abusing a zero-day vulnerability in multiple Cisco email appliances to gain access to the underlying system and establish persistence. Cisco confirmed the news in a blog post and a security advisory, urging users to apply provided recommendations and harden their networks. In its announcement, Cisco said it first spotted the ...
- The AI Chip Arms Race: How China Built Its Own “Manhattan Project”
December 17, 2025
In a high-security laboratory in Shenzhen, China, scientists have developed a prototype machine capable of producing advanced semiconductor chips crucial for technologies such as artificial intelligence and military applications, a goal that the U.S. has long sought to prevent. This prototype, completed in early 2025 and currently in the testing phase, occupies almost an entire factory ...
- Researcher claims Salt Typhoon spies attended Cisco training scheme
December 11, 2025
A security researcher specializing in tracking China threats claims two of Salt Typhoon’s members were former attendees of a training scheme run by Cisco. SentinelLabs’ Dakota Cary linked Yu Yang and Qiu Daibing, two alleged members of the Chinese state hacking group, to participants of the 2012 Cisco Networking Academy Cup. The initiative is still going ...
- Shai Hulud 2.0, now with a wiper flavor
December 3, 2025
In September, a new breed of malware distributed via compromised Node Package Manager (npm) packages made headlines. It was dubbed “Shai-Hulud”, and Kaspersky published an in-depth analysis of it in another post. Recently, a new version was discovered. Shai Hulud 2.0 is a type of two-stage worm-like malware that spreads by compromising npm tokens to republish ...