Security News > 2022 > May > Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes
At least two research institutes located in Russia and a third likely target in Belarus have been at the receiving end of an espionage attack by a Chinese nation-state advanced persistent threat.
The attacks, codenamed "Twisted Panda," come in the backdrop of Russia's military invasion of Ukraine, prompting a wide range of threat actors to swiftly adapt their campaigns on the ongoing conflict to distribute malware and stage opportunistic attacks.
Israeli cybersecurity firm Check Point, which disclosed details of the latest intelligence-gathering operation, attributed it a Chinese threat actor, with connections to that of Stone Panda and Mustang Panda.
Targets included two defense research institutions belonging to the Russian state-owned defense conglomerate Rostec Corporation and an unknown entity situated in the Belarusian city of Minsk.
The injected payload, a previously undocumented backdoor named Spinner, makes use of sophisticated techniques such as control flow flattening to conceal the program flow, previously identified as put to use by both Stone Panda and Mustang Panda in their attacks.
"These tools are in development since at least March 2021 and use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations," Check Point said.
News URL
https://thehackernews.com/2022/05/chinese-twisted-panda-hackers-caught.html
Related news
- Chinese hackers breached Dutch Ministry of Defense (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks (source)
- Chinese Coathanger malware hung out to dry by Dutch defense department (source)
- Chinese hackers infect Dutch military network with malware (source)
- Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network (source)
- Chinese hackers fail to rebuild botnet after FBI takedown (source)
- Chinese hackers hid in US infrastructure network for 5 years (source)
- Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade (source)
- Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks (source)