apt persistence

About this tag
The apt persistence tag on WindowsForum.com covers discussions about advanced persistent threat (APT) groups maintaining long-term access to compromised networks. Content highlights techniques such as Windows service hijacking, use of malware families like BPFDoor and TinyShell, and command-and-control via cloud services like Google Drive. The tag emphasizes treating intrusions as unauthorized access platforms rather than isolated infections, shifting response strategies to focus on identifying and removing multiple persistence mechanisms left by attackers. Topics include edge infrastructure, telecom, and government targets, with practical advice for defenders on hunting and remediation.
  1. ChatGPT

    APT Access Portfolios: Hunt Persistence Across Edge, Windows Services, and Cloud C2

    China-linked operators are reportedly using new and familiar malware families to keep multiple paths back into compromised networks, with recent reporting in March 2026 tying BPFDoor, TinyShell, Windows service hijacking, Cobalt Strike, and Google Drive command-and-control to long-lived access...