CyberPulse Daily | #1 Trusted Source for Cybersecurity News

Chinese APT Group "Jade Typhoon" Breaches Defense Contractors via Supply Chain Attack

A sophisticated supply chain attack attributed to Chinese state-sponsored group Jade Typhoon (formerly tracked as APT41/Winnti) has compromised at least 8 major defense contractors through a trojanized update to NetScope Pro, a widely used network management tool deployed across thousands of enterprise environments.

The compromised update, version 7.4.2, was distributed through legitimate channels on February 18, 2026. It contained a backdoor that established encrypted communication channels to command-and-control infrastructure hosted on compromised legitimate websites.

CrowdStrike's Counter Adversary Operations team identified the breach after detecting anomalous network traffic patterns at a Tier-1 defense contractor. "The level of sophistication in this operation is consistent with the highest-tier nation-state capabilities," said Adam Meyers, SVP of Intelligence at CrowdStrike.

The backdoor provides full remote access capabilities, including file exfiltration, keystroke logging, and the ability to deploy additional payloads. Evidence suggests the attackers were specifically targeting classified project documentation and communications related to advanced weapons systems.

NetScope has revoked the compromised certificate and released a clean version 7.4.3. The NSA and CISA have issued emergency directives requiring all federal agencies and contractors to audit their NetScope installations immediately.
