But aside from the US having espionage concerns, Check Point Research (CPR) reports that espionage campaigns are also expanding to the ASEAN region. Specifically, CPR sees the expansion of an ongoing cyber espionage campaign to target Southeast Asian governments, including Vietnam, Thailand, and Indonesia. In fact, CPR identified a Chinese APT group named SharpPanda in June 2021. SharpPanda uses spear-phishing and Microsoft vulnerabilities to gain access to target networks. CPR continued to track SharpPanda's activity since then, learning of a cyber attack on a high-profile government entity in late 2022.

The payload in this specific attack leverages what's known as the Soul modular framework, a previously unattributed modular malware framework. CPR explained that the attack begins as a phishing attack with a malicious document containing a remote template with an exploit. The exploit runs a built-in downloader, which in turn runs the Soul backdoor. While the Soul framework has been in use since at least 2017, the threat actors behind it have been constantly updating and refining its architecture and capabilities. Although the Soul malware framework was previously seen by Symantec in an espionage campaign targeting the defense, healthcare, and ICT sectors in South East Asia, it was never previously attributed or connected to any known cluster of malicious activity.