Tag: shadowpad

8 Attack Reports | 0 Vulnerabilities

Attack reports

The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices

Salt Typhoon, a Chinese state-sponsored threat actor, has been targeting major telecommunications providers worldwide by exploiting vulnerabilities in network devices. This analysis tracks global exposures of internet-facing devices associated with Salt Typhoon activity over six months, including S…
network devices
CVE-2024-21887
CVE-2023-46805
shadowpad
telecommunications
vulnerability exploitation
CVE-2023-48788
CVE-2022-3236
masol rat
ivanti connect secure
2025-04-26
chinese state-sponsored
CVE-2023-20198
sophos firewall
CVE-2023-20273
cisco ios xe
exposure tracking
fortinet forticlient ems
Published: April 26, 2025
Downloadable IOCs: 0

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncovered new activity by the FamousSparrow APT group, including two undocumented versions of their SparrowDoor backdoor. The group compromised a US financial sector trade group and a Mexican research institute in July 2024. The new SparrowDoor versions show significant improvement…
shadowpad
modular malware
sparrowdoor
2025-03-26
hemigate
Published: March 26, 2025
Downloadable IOCs: 12

Operation FishMedley targeting governments, NGOs, and think tanks

ESET researchers have uncovered a global espionage operation called Operation FishMedley, conducted by the FishMonger APT group, which is operated by the Chinese contractor I-SOON. The campaign targeted governments, NGOs, and think tanks across Asia, Europe, and the United States during 2022. The a…
apt
espionage
china
government
shadowpad
ngo
2025-03-21
spyder
sodamaster
think tank
i-soon
rpipecommander
Published: March 21, 2025
Downloadable IOCs: 12

Updated Shadowpad Malware Leads to Ransomware Deployment

A recent investigation revealed Shadowpad malware being used to deploy a new ransomware family in Europe. The threat actor targeted 21 companies across 15 countries, primarily in the manufacturing sector. Access was gained through remote network attacks, exploiting weak passwords and bypassing mult…
ransomware
plugx
shadowpad
impacket
manufacturing
anti-debugging
2025-02-20
dns over https
multi-factor authentication bypass
remote network attacks
intellectual property theft
cqhashdumpv2
Published: February 20, 2025
Downloadable IOCs: 0

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks

Earth Minotaur, a threat actor targeting Tibetan and Uyghur communities, utilizes the MOONSHINE exploit kit to compromise Android devices and install the DarkNimbus backdoor. The exploit kit targets vulnerabilities in instant messaging apps, particularly WeChat, and has been updated with new exploi…
backdoor
android
shadowpad
2024-12-05
exploit kit
darknimbus
moonshine
Published: December 5, 2024
Downloadable IOCs: 0

Chinese APT Abuses VSCode to Target Government in Asia

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …
apt
exfiltration
cyberespionage
shadowpad
poisonplug.shadow
toneshell
2024-09-09
credentialtheft
reverseshell
visualstudiocode
Published: September 9, 2024
Downloadable IOCs: 17

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…
apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn
Published: August 2, 2024
Linked vulnerabilities : CVE-2018-0824
Downloadable IOCs: 13

China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

python
plugx
lsass
trojan
2024-06-18
sygnia
c server
shadowpad
wmiexec
virustotal
earthworm
impacket
f5 bigip
command
f5 appliance
svchost
velvet ant
wireshark
guard
protect
Published: June 18, 2024
Downloadable IOCs: 5
Click here to see more Attack Reports