Nation-state
Apr 24, 2026
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
Chinese APT uses Outlook, Slack, Discord, and file.io for C2 in Mongolia espionage campaign.
Summary
A Chinese state-sponsored threat actor has been conducting espionage operations against Mongolian targets by abusing legitimate cloud services (Microsoft Outlook, Slack, Discord, and file.io) as command-and-control (C2) channels. The adversary leveraged these widely trusted platforms to evade traditional network detection and maintain persistent access to victim environments. This campaign demonstrates how attackers are increasingly weaponizing legitimate business tools to bypass security controls.
Entities
Chinese APT (unspecified) (threat_actor)
Microsoft Outlook (technology)
Slack (technology)
Discord (technology)
file.io (technology)