
Chinese "Override Panda" Hackers Resurface With New Espionage Attacks


A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack aimed at stealing sensitive information.

"The Chinese APT used a spear-phishing dispatch to deliver a beacon of a Red Team framework known as 'Serpent,'" Cluster25 said in a report published last week.

"The target of this attack is presently unknown but with high probability, given the former history of the attack executed by the group, it might be a government institution from a South Asian country."

Override Panda, also called Naikon, Hellsing, and Citation Geneva, is known to have operated on behalf of Chinese interests since at least 2005, conducting intelligence-gathering operations targeting ASEAN countries.

Attack chains unleashed by the threat actor have involved decoy documents attached to spear-phishing emails, designed to lure the intended victims into opening them and compromising themselves with malware.


Last April, the group was linked to a wide-ranging cyberespionage campaign directed against military organizations in Southeast Asia. Then, in August 2021, Naikon was implicated in cyberattacks targeting the telecom sector in the region in late 2020.

The latest campaign spotted by Cluster25 is no different: it leverages a weaponized Microsoft Office document to kick-start an infection kill chain that includes a loader designed to launch shellcode, which, in turn, injects a beacon for the Serpent red team tool.

Available for download from GitHub, Serpent is described as a "graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies generally used in the process of Intranet penetration."

The framework, similar to Cobalt Strike, is said to feature over 80 modules to facilitate initial access, persistence, privilege escalation, credential access, lateral movement, and arbitrary command execution.

"By observing Naikon APT's hacking arsenal, it was concluded that this group tends to conduct long-term intelligence and spying operations, typical for a group that aims to conduct attacks on foreign governments and officers," the researchers pointed out.

"To avoid discovery and maximize the result, it changed different (tactics, ways, and procedures) and tools over time."
