Triple Threat: Three China-linked groups converge on a government in Southeast Asia
TL;DR (Summary)
In 2025, three China-linked threat groups, including the well-known "Mustang Panda", targeted a single government organisation in Southeast Asia. Using a large malware arsenal that includes HIUPAN, PUBLOAD and FluffyGh0st, researchers believe these groups may be coordinating with one another to establish persistent access for high-level espionage.
A "sophisticated and well-resourced" cyber operation targeting a government organisation in Southeast Asia was uncovered over the course of 2025. According to researchers at Palo Alto Networks Unit 42, the campaign involves three separate clusters, all operating in line with the interests of the Chinese state.
The convergence of these groups shows a concerted effort to maintain continuous access to sensitive government networks, not merely to cause short-term disruption.
The three faces of the campaign
Analysis of the 2025 activity attributed the operation to three distinct clusters, each with an overlapping timeline and its own tactics, techniques and procedures (TTPs):
1. Mustang Panda (also known as Stately Taurus)
Timeline: June to August 2025
This well-known group focused on deploying high-end backdoors. Its toolset includes:
- HIUPAN: USB-propagating malware (also known as USBFect or MISTCLOAK) used to install the PUBLOAD backdoor.
- Claimloader: A recycled DLL used to start the infection chain.
- COOLCLIENT: An advanced backdoor that supports keystroke recording, packet tunneling and port mapping.
2. CL-STA-1048 (Earth Estries / Crimson Palace)
Timeline: March to September 2025
This cluster used a different and "noisy" set of tools from the EggStreme malware framework:
- EggStremeFuel: A lightweight backdoor whose role is file enumeration and updating the C2 configuration.
- EggStremeLoader (Gorem RAT): A powerful component supporting 59 backdoor commands, including file transfer via Dropbox.
- MASOL RAT: A remote access trojan used to execute arbitrary commands.
- TrackBak Stealer: An information stealer designed to collect logs, clipboard contents and network information.
3. CL-STA-1049 (Unfading Sea Haze)
Timeline: April and August 2025
This cluster used custom loaders and kept a lower profile:
- Hypnosis Loader: A new DLL loader launched via side-loading.
- FluffyGh0st RAT: The final payload delivered by Hypnosis Loader to maintain control of the targeted system.
Coordination and persistent access
Unit 42 researchers Doel Santos and Hiroaki Hara observed significant overlap across the campaigns. The presence of three distinct clusters targeting the same entity at the same time points to a shared strategic objective.
The use of Claimloader, for example, traces back to 2022 attacks on government organisations in the Philippines, which suggests these groups revisit and refine methods that have worked for them before. By combining USB propagation (HIUPAN) with advanced loaders (Hypnosis), the groups ensured that if one entry point were discovered, the others would keep working.
Technical gaps
While the malware families and their commands have been documented in detail, the initial access vectors used by CL-STA-1048 and CL-STA-1049 remain unclear. Moreover, although the groups overlap in TTPs and targets, the true extent of direct collaboration between them (whether they share infrastructure or merely operate toward the same goal) is still being assessed.
Conclusion
The 2025 campaign against government infrastructure in Southeast Asia is a lesson in persistent cyber espionage. By using multiple groups and a diverse library of backdoors, from the broad EggStreme framework to the targeted FluffyGh0st RAT, the China-linked actors have demonstrated Tier-1 capabilities to break into and remain inside high-value networks.
The recommendation for security teams in the region is to monitor DLL side-loading activity and the USB propagation methods associated with HIUPAN and PUBLOAD.
Source: The Hacker News