
Chinese APT Abuses VSCode to Target Government in Asia

Published 09/09/2024 09:05 · Modified 09/09/2024 09:51


Essential information

Published
09/09/2024 09:05
Modified
09/09/2024 09:51
Tags
2024-09-09 apt credentialtheft cyberespionage exfiltration poisonplug.shadow reverseshell shadowpad toneshell visualstudiocode
Related entities
17 observables, 1 intrusion sets (apt), 17 techniques (mitre), 3 malware, 1 others

Description

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain initial access and deliver additional malware payloads. This represents the first observed instance of threat actors abusing this feature in the wild. The campaign exhibits strong connections to a previous Stately Taurus operation through shared tactics, techniques, and procedures (TTPs), timelines, and victimology. Furthermore, the report examines a potential link between the Stately Taurus activity and a separate cluster involving the backdoor within the same targeted environment.

External references