A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks.

The recently discovered Chinese state-backed advanced persistent threat (APT) “Volt Typhoon,” aka “Vanguard Panda,” has been spotted using a critical vulnerability in Zoho’s ManageEngine ADSelfService Plus, a single sign-on and password management solution. And it’s now sporting plenty of previously undisclosed stealth mechanisms.

Volt Typhoon came to the fore last month, thanks to joint reports from Microsoft and various government agencies. The reports highlighted the group’s infection of critical infrastructure in the Pacific region, to be used as a possible future beachhead in the event of conflict with Taiwan.