Multiple cyber espionage campaigns linked to Chinese threat actors have been identified targeting various sectors and regions. The OneClik campaign exploits Microsoft’s ClickOnce technology to deploy stealthy malware with Go-based backdoors, primarily targeting the energy, oil, and gas sectors. This malware evades detection by hijacking trusted Windows processes and mimics legitimate tools like Cobalt Strike. Another campaign, attributed to the Chinese group Silver Fox, uses fake websites mimicking WPS Office and DeepSeek to deliver the Sainbox RAT and a hidden rootkit to Chinese users. Additionally, the LapDogs operation has compromised over 1,000 small office/home office (SOHO) devices across the US and Asia, creating a covert spying network. The malware used in this operation mimics the Los Angeles Police Department (LAPD) to avoid detection. Mustang Panda, another China-linked group, has launched a Tibet-specific attack using a new malware chain (Claimloader, PUBLOAD, and Pubshell) that spreads via Google Drive links and USB worms. These campaigns highlight an ongoing and evolving threat landscape in which China-linked actors use sophisticated malware delivery and evasion techniques against government, energy, and ethnic minority groups.
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign: https://t.co/L7Re9KIxUK by The Hacker News
🚨 1,000+ hacked home & office devices turned into a covert spying network for Chinese ops. Worse? The malware mimics the LAPD—and it’s still growing quietly across the US + Asia. Details on “LapDogs” & the backdoor behind it → https://t.co/yDm0KrBokj