APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

These articles are AI-generated summaries. Please check the original sources for full details.

APT24, a China-linked hacking group, has used the BADAUDIO malware to conduct a three-year espionage campaign, compromising over 1,000 domains through supply chain attacks. The malware was deployed via a regional digital marketing firm’s JavaScript library, targeting users on Windows systems.

Why This Matters

Supply chain attacks are increasingly difficult to detect, more so than traditional phishing or direct exploits, because they leverage trusted third-party infrastructure. APT24’s campaign demonstrates how adversaries can exploit legitimate software distribution channels to scale attacks, with the potential for massive data exfiltration and persistent access. The compromise of 1,000+ domains highlights the risks of unpatched vulnerabilities and insufficient third-party risk management.

Key Insights

  • “1,000+ domains compromised via supply chain attack, 2025”: Google Threat Intelligence Group (GTIG)
  • “CVE-2025-8088 exploited in Autumn Dragon campaign”: CyberArmor report
  • “Supply chain attack via compromised digital marketing firm’s JS library, 2025”: GTIG analysis

Practical Applications

  • Use Case: Supply chain attacks on digital marketing firms to target 1,000+ domains
  • Pitfall: Overlooking third-party script vulnerabilities leading to large-scale compromises
