
Chinese APT abuses MSC files with GrimResource vulnerability

Published 18/09/2024 08:43 · Modified 18/09/2024 09:02


Essential information

Published
18/09/2024 08:43
Modified
18/09/2024 09:02
Tags
2024-09-18, cobaltstrike, diskless shellcode, grimresource vulnerability, marte beacon, msc files
Related entities
30 observables, 1 intrusion set (APT), 16 techniques (MITRE), 2 malware, 4 others

Description

A Chinese Advanced Persistent Threat (APT) group has been exploiting using a new technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves downloading and executing malicious files, including a 64-bit shellcode and the with . The group's modus operandi is consistent with Chinese-origin APTs: it operates Monday to Friday during working hours compatible with Chinese time zones. Precise attribution is not possible, but the group could be a subgroup of APT41. The campaigns have evolved since August 2nd, incorporating a new module in the infection chain. The threat actor uses various decoys and targets both Windows and Linux systems.

External references