The CVE-2025-29824 vulnerability was first discovered being exploited in the wild by the Microsoft Threat Intelligence Center and was fixed on the April 2025 Patch Tuesday. On May 30, 2025, the Qi'anxin Threat Intelligence Center detected an in-the-wild exploit sample for this vulnerability uploaded to VT and conducted an in-depth analysis of both the vulnerability and the sample.
In May 2024, the Qi'anxin Threat Intelligence Center disclosed UTG-Q-010, a group targeting the gaming and artificial intelligence sectors; the group subsequently launched a retaliatory spear-phishing attack against our company's public mailbox. In July 2025, through the TianQing "Liuhe" engine and the Red Raindrop team's private intelligence, we discovered the group's latest activity: supply chain attacks against financial institutions in Hong Kong, China.
Lazarus has incorporated the ClickFix technique into phishing attacks that use fake job postings as bait. At a specific moment, the phishing website tells the victim that their camera configuration does not meet requirements or is faulty, and offers a fix. The "repair" command appears to download an update for Nvidia-related software, but its real purpose is to implant malware.
The UTG-Q-1000 group used childcare-subsidy-themed lures in phishing attacks to steal victims' identity details, bank card passwords, and other information. After tracing the attack and countering the C2 server, we found on its desktop the group's collection of WeChat group phishing scripts, the back-ends of several remote-control tools, and WeChat chat-log extraction and filtering tools.
Silver Fox, PlugX, and Cobalt Strike have long been widely used by attackers, and their evasion techniques have grown increasingly sophisticated, so traditional signature-based detection struggles to keep up. Using the TianQing "Liuhe" engine, we have uncovered several fully fileless espionage campaigns by foreign APTs against targets in China; black-market Trojans such as Silver Fox are even easier to catch.
Qi'anxin Threat Intelligence Center
