APT37 has expanded its toolset and tactics for stealthy operations: researchers have identified a newly compiled Rust-based backdoor and a Python-based loader that uses Process Doppelgänging, a fileless injection technique that maps a payload into a new process from an NTFS transacted file and then rolls the transaction back, so the payload never persists on disk. Both components are orchestrated by a single, lightweight PHP-based C2 server that handles command delivery and data exfiltration.
Latest mentioned: 09-09
Earliest mentioned: 09-08