Chinese APT Group Reportedly Develops Custom Backdoor
@prajeetspeaks
June 9, 2021
Full infection chain (Source: Check Point Research)
Check Point researchers have uncovered an ongoing campaign by a Chinese advanced persistent threat group that has spent the last three years testing and refining a custom backdoor in its arsenal to conduct espionage campaigns targeting governments in Southeast Asia.
The group, dubbed SharpPanda, uses spear-phishing attacks to gain initial access and leverages old Microsoft Office vulnerabilities together with a chain of in-memory loaders to attempt to install a previously unknown backdoor on victims’ machines.
Researchers note that the command-and-control servers for the first stage of the infection chain are hosted on two different cloud services in Asia, one in Hong Kong and one in Malaysia. The backdoor's command-and-control server is hosted on Zenlayer, a U.S.-based provider that is widely used by multiple threat actors for command-and-control purposes.