After months of work it’s great to see #CrimsonPalace publicly disclosed. Multiple sophisticated actors working within the same environment speaks to China’s willingness to escalate when engaging in cyberspace. We must work together to contest these actors.

https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/

Dug into the #solarmarker #infostealer the past two months and built out this infograph describing the attack chain. Major credit is due to @th3_protoCOL for Intel on this, and definitely read up on squibblydoo's blog post on the malware family as they describe the attack chain fantastically.
https://squiblydoo.blog/2022/09/27/solarmarker-the-old-is-new/