Operation SalmonSlalom
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Operation SalmonSlalom is a campaign, first reported in February 2025, attributed with medium confidence to a Chinese-speaking threat actor targeting industrial organizations and government agencies across the Asia-Pacific region. This operation is distinguished by its sophisticated multi-stage payload delivery framework that actively leverages legitimate Chinese cloud services like myqcloud CDN and Youdao Cloud Notes for hosting and command-and-control infrastructure. The campaign's name, 'SalmonSlalom,' metaphorically represents the attackers' ability to navigate and bypass cyber defenses by maneuvering through obstacles like a salmon swimming upstream. Unlike many financially motivated groups, Operation SalmonSlalom focuses on data theft, remote administration, and device manipulation, indicating an espionage-driven motivation rather than direct financial extortion.