Sharp Dragon Expands Towards Africa and The Caribbean
May 23, 2024, 2:55 p.m.
Description
Check Point Research has observed a significant shift in the activities and lures of Sharp Dragon, a Chinese threat actor, now targeting governmental organizations in Africa and the Caribbean. This expansion aligns with Sharp Dragon's known tactics of compromising email accounts to spread weaponized documents and deploy malware like Cobalt Strike Beacon. The actors exploit government relationships to establish footholds in new territories, demonstrating increased reconnaissance efforts and utilizing compromised infrastructure as command-and-control servers.
Date
Published: May 23, 2024, 2:17 p.m.
Created: May 23, 2024, 2:17 p.m.
Modified: May 23, 2024, 2:55 p.m.
Indicators
Attack Patterns
Cobalt Strike Beacon
Sharp Dragon
T1584.004
T1021.006
T1195.002
T1588.001
T1588
T1053.005
T1059.005
T1059.003
T1059.007
T1036.005
T1070.004
T1204.002
T1566.001
T1219
T1566
T1078
CVE-2023-0669
Additional Information
Central African Republic
South Africa