Security News > 2022 > May > Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes

At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat.

The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing conflict to distribute malware and stage opportunistic attacks.

Israeli cybersecurity firm Check Point, which disclosed details of the latest intelligence-gathering operation, attributed it a Chinese threat actor, with connections to that of Stone Panda and Mustang Panda.

Targets included two defense research institutions belonging to the Russian state-owned defense conglomerate Rostec Corporation and an unknown entity situated in the Belarusian city of Minsk.

The injected payload, a previously undocumented backdoor named Spinner, makes use of sophisticated techniques such as control flow flattening to conceal the program flow, previously identified as put to use by both Stone Panda and Mustang Panda in their attacks.

"These tools are in development since at least March 2021 and use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations," Check Point said.

News URL

https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html