216.73.216.86

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

· Published 02/08/2024 08:23 · Modified 02/08/2024 08:31

Export JSON

Essential information

Published
02/08/2024 08:23
Modified
02/08/2024 08:31
Tags
2024-08-02 CVE-2018-0824 apt cobalt strike cobaltstrike credential-theft data exfiltration poisonplug.shadow shadowpad unmarshalpwn
Related entities
1 vulnerabilities (cve), 13 observables, 1 intrusion sets (apt), 12 techniques (mitre), 4 malware, 1 others

Description

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed malware, , and custom tools, exploiting vulnerabilities like for privilege escalation. They gathered information, deployed backdoors, harvested credentials, and exfiltrated data. Evidence suggests the threat actor spoke Chinese and followed open-source anti-detection techniques.

External references