Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers deployed ShadowPad malware, Cobalt Strike, and custom tools, and exploited vulnerabilities such as CVE-2018-0824 for privilege escalation. They gathered information, deployed backdoors, harvested credentials, and exfiltrated data. Evidence suggests the threat actor spoke Chinese and followed open-source anti-detection techniques.

Author: AlienVault

Related Tags:
UnmarshalPwn
POISONPLUG.SHADOW
ShadowPad – S0596
Cobalt Strike – S0154
data exfiltration
T1563
ShadowPad
Taiwan
cobaltstrike

Associated Indicators: