A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent months with a new phishing attack aimed at stealing sensitive information.
"The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said in a report published last week.
"The target of this attack is currently unknown but with high probability, given the previous history of the attack perpetrated by the group, it might be a government institution from a South Asian country."
Override Panda, also known as Naikon, Hellsing, and Bronze Geneva, has operated on behalf of Chinese interests since at least 2005, carrying out intelligence-gathering operations targeting ASEAN countries.
Attack chains unleashed by the threat actor have involved decoy documents attached to spear-phishing emails, designed to entice the intended victims into opening them and compromising themselves with malware.
Last April, the group was linked to a wide-ranging cyberespionage campaign directed against military organizations in Southeast Asia. Then in August 2021, Naikon was implicated in cyberattacks targeting the telecom sector in the region in late 2020.
The latest campaign observed by Cluster25 is no different in that it leverages a weaponized Microsoft Office document to kick-start the infection kill chain: the document drops a loader designed to launch shellcode, which in turn injects a beacon for the Viper red team tool.
Available for download from GitHub, Viper is described as a "graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration."
The framework, akin to Cobalt Strike, is said to feature over 80 modules to facilitate initial access, persistence, privilege escalation, credential access, lateral movement, and arbitrary command execution.
"By observing Naikon APT's hacking arsenal, it was concluded that this group tends to conduct long-term intelligence and espionage operations, typical for a group that aims to conduct attacks on foreign governments and officials," the researchers noted.
"To evade detection and maximize the result, it changed different [tactics, techniques, and procedures] and tools over time."
Some parts of this article are sourced from:
thehackernews.com