For the past few years, threat actors with ties to China have been conducting cyber-espionage attacks using a cross-platform, multifunctional JScript framework. They have supplemented their efforts with modular backdoors in two distinct campaigns that target government agencies and gambling websites. According to a blog post this week, researchers at Trend Micro have been monitoring the use of the framework, known as "PeckBirdy," since 2023.

Written in JScript, Microsoft's legacy scripting language, the command-and-control (C2) framework is designed for flexible deployment across multiple environments.

Using such a C2 framework gives attackers an advantage over defenders because, as Trend Micro threat researchers Ted Lee and Joseph C. Chen write in their post, "detecting malicious JavaScript frameworks remains a significant challenge due to their use of dynamically generated, runtime-injected code and the absence of persistent file artifacts."

## The Need for Defensive Monitoring

Although it is unclear which threat actors are using PeckBirdy in these campaigns, Trend Micro assesses that they are probably associated with Chinese state-sponsored threat activity, where a number of APTs regularly carry out cyber-espionage operations against specific targets worldwide.

As defenders continue to fend off persistent hostile threats, the researchers observed that "adaptability and continuous refinement of defensive strategies are no longer optional, but fundamental to maintaining operational integrity" in such a threat environment. Continuous infrastructure monitoring should be a key component of any organization's defense strategy so that intrusive activity is caught before attackers can establish a long-term presence. To help defenders learn about the attackers' tools, tactics, and procedures (TTPs), Trend Micro included links to earlier reports on the possible threat actors behind the campaign, along with hunting queries and indicators of compromise (IOCs) that organizations can use in their security activities to detect potential use of PeckBirdy.