Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

An abandoned update server for the Sogou Zhuyin input method editor (IME) application was used by threat actors in an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, mainly targeting users across Eastern Asia.

“Threat agents utilized intricate infection pathways, including compromised software updates and fraudulent cloud storage or login methods.”

