China-linked actors maintain focus on organizations influencing U.S. policy
China-linked actors continue to show interest in U.S. organizations with links to or involvement in policy issues, including an intrusion earlier this year into a U.S. non-profit organization that is active in attempting to influence U.S. government policy on international issues.
The threat actors appeared determined to establish persistence and maintain long-term access to the network when they gained access to it for several weeks in April 2025. Evidence of various techniques, including the use of a legitimate vetysafe.exe component to sideload a malicious DLL (sbamres.dll.), point to the attackers being based in China. A copy of this malicious DLL was previously used in attacks linked to the China-based threat actors known as Space Pirates. A variant of this component, with a different filename, was also used by the Chinese APT group Kelp (aka Salt Typhoon) in a separate incident. Additionally, the technique was also used by Earth Longzhi, which is believed to be a subgroup of the long-standing Chinese threat group APT41.
The attackers here also used Imjpuexc on the targeted network, which is a legitimate Microsoft file that is used to allow keyboard input from East Asian language scripts, such as Chinese, Japanese, and Korean
Read more at Security