TAOTH campaign exploits end-of-support software to target Traditional Chinese users and dissidents

Intel Name: TAOTH campaign exploits end-of-support software to target Traditional Chinese users and dissidents

Date of Scan: August 29, 2025

Impact: High

Summary:
The TAOTH campaign exploited an abandoned Sogou Zhuyin IME update server and spear-phishing to deliver malware like TOSHIS, C6DOOR, DESFY, and GTELAM. Targeting users across Eastern Asia—especially Traditional Chinese speakers—it focused on high-value individuals such as dissidents, journalists, and tech leaders. Attackers used hijacked updates and fake login pages for espionage, with infrastructure linking the campaign to a persistent threat group known for reconnaissance and email abuse.
