017

APT-C-60 conducted a targeted espionage campaign in August 2024 against a Japanese organization using a job-application lure. The attackers delivered a VHDX-hosted payload that exploited WPS Office RCE (CVE-2024-7262) to run a downloader (SecureBootUEFI.dat) which used StatCounter and Bitbucket to retrieve and assemble the SpyGlace backdoor; persistence was achieved via COM hijacking and the backdoor contacted C2 at 103.187.26.176.