Chinese Espionage Campaign Expands to Target Vietnam, Thailand and Indonesia Governments



Check Point Research (CPR) sees an ongoing cyber espionage campaign expand to target more Southeast Asian governments, including Vietnam, Thailand and Indonesia. Attributed to Chinese APT group SharpPanda, the campaign uses a malware framework called “Soul” to steal information and spy on government activities. CPR releases a new report that extensively details the infection chain of the Soul malware family.



• In late 2022, a campaign with an initial infection vector similar to previous Sharp Panda operations targeted a high-profile government entity in the region
• Payload in this specific attack is a new version of SoulSearcher loader, which eventually loads the Soul modular framework
• Although the Soul malware framework was previously seen in an espionage campaign targeting the defense, healthcare, and ICT sectors in Southeast Asia, it was never previously attributed or connected to any known cluster of malicious activity


Check Point Research (CPR) sees the expansion of an ongoing cyber espionage campaign to target more Southeast Asian governments, including Vietnam, Thailand, and Indonesia.


In June 2021, CPR identified a Chinese APT group named SharpPanda using spear-phishing and Microsoft vulnerabilities to gain access to target networks. CPR has continued to track SharpPanda’s activity since then, and learned of a cyberattack on a high-profile government entity in late 2022.


The payload in this specific attack is the Soul framework, a previously unattributed modular malware framework. While the Soul framework has been in use since at least 2017, the threat actors behind it have been constantly updating and refining its architecture and capabilities.


Infection Chain
The attack begins as a phishing attack with a malicious document containing a remote template with an exploit. The exploit runs a built-in downloader, which helps ru ..
