Tag: shadowpad

3 attack reports | 0 vulnerabilities

Attack reports

Chinese APT Abuses VSCode to Target Government in Asia

Published: September 9, 2024

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

apt
exfiltration
cyberespionage
shadowpad
poisonplug.shadow
toneshell
2024-09-09
credentialtheft
reverseshell
visualstudiocode

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Published: August 2, 2024

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn

China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

Published: June 18, 2024

Downloadable IOCs 5

python
plugx
lsass
trojan
2024-06-18
sygnia
c server
shadowpad
wmiexec
virustotal
earthworm
impacket
f5 bigip
command
f5 appliance
svchost
velvet ant
wireshark
guard
protect

Chinese APT Abuses VSCode to Target Government in Asia

Published: September 9, 2024

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

apt
exfiltration
cyberespionage
shadowpad
poisonplug.shadow
toneshell
2024-09-09
credentialtheft
reverseshell
visualstudiocode

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Published: August 2, 2024

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn

China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

Published: June 18, 2024

Downloadable IOCs 5

python
plugx
lsass
trojan
2024-06-18
sygnia
c server
shadowpad
wmiexec
virustotal
earthworm
impacket
f5 bigip
command
f5 appliance
svchost
velvet ant
wireshark
guard
protect

Chinese APT Abuses VSCode to Target Government in Asia

Published: September 9, 2024

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

apt
exfiltration
cyberespionage
shadowpad
poisonplug.shadow
toneshell
2024-09-09
credentialtheft
reverseshell
visualstudiocode

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Published: August 2, 2024

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn

China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

Published: June 18, 2024

Downloadable IOCs 5

python
plugx
lsass
trojan
2024-06-18
sygnia
c server
shadowpad
wmiexec
virustotal
earthworm
impacket
f5 bigip
command
f5 appliance
svchost
velvet ant
wireshark
guard
protect
» Click here to see all Attack Reports «