Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
Essential information
- Published
- 02/08/2024 08:23
- Modified
- 02/08/2024 08:31
- Tags
- 2024-08-02 CVE-2018-0824 apt cobalt strike cobaltstrike credential-theft data exfiltration poisonplug.shadow shadowpad unmarshalpwn
- Related entities
- 1 vulnerabilities (cve), 13 observables, 1 intrusion sets (apt), 12 techniques (mitre), 4 malware, 1 others
Description
A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 for privilege escalation. They gathered information, deployed backdoors, harvested credentials, and exfiltrated data. Evidence suggests the threat actor spoke Chinese and followed open-source anti-detection techniques.