Intel Name: Beyond the watering hole: APT24's pivot to multi-vector attacks
Date of Scan: November 21, 2025
Impact: High
Summary: APT24, a PRC-nexus threat actor, has run a cyber-espionage campaign spanning three years that uses BADAUDIO, a heavily obfuscated first-stage downloader, to establish persistent access in victim networks. Having earlier relied on broad watering-hole compromises, APT24 has moved to more advanced and targeted attack vectors, particularly against organizations in Taiwan: it repeatedly compromised a regional digital marketing firm to mount supply chain attacks and ran focused phishing campaigns. The research helps protect users by adding the identified malicious infrastructure to blocklists and by notifying affected organizations so they can remediate and prevent future compromises.