New malware variant has “radio silence” mode to evade detection
The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the 'Soul' malware framework.
Check Point identified a new campaign using the malware that started in late 2022 and continues through 2023, employing spear-phishing attacks for initial compromise.
The new Sharp Panda campaign uses spear-phishing emails with malicious DOCX attachments that deploy the RoyalRoad RTF kit, which attempts to exploit older vulnerabilities to drop malware on the host.
Upon execution, the main module of the Soul malware establishes a connection with the C2 and waits for additional modules that will extend its functionality.
The new version analyzed by Check Point features a "Radio silence" mode, which allows the threat actors to specify the hours of the week during which the backdoor should not communicate with the command and control server, likely to evade detection during the victim's working hours.
The new variant implements a custom C2 communication protocol that uses various HTTP request methods, including GET, POST, and DELETE. Support for multiple HTTP methods gives the malware flexibility, as GET is used for retrieving data and POST for submitting data.
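A hunting heuristic for the two behaviours described above, as an added example that is not from Check Point's report or the original article: it scans constructed proxy log lines for a client/destination pair that uses GET, POST and DELETE across several days but never during working hours. The log format, hostnames, working-hours window and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: ISO timestamp, client, HTTP method, destination.
# Hostnames are placeholders, not indicators from the Check Point report.
SAMPLE_LOG = """\
2023-03-06T02:14:09 ws-017 GET cdn.placeholder-a.example
2023-03-06T02:44:10 ws-017 POST cdn.placeholder-a.example
2023-03-06T21:05:33 ws-017 GET cdn.placeholder-a.example
2023-03-07T03:12:41 ws-017 DELETE cdn.placeholder-a.example
2023-03-07T22:30:02 ws-017 POST cdn.placeholder-a.example
2023-03-11T11:02:17 ws-017 GET cdn.placeholder-a.example
2023-03-06T09:10:00 ws-022 GET api.placeholder-b.example
2023-03-06T09:12:00 ws-022 POST api.placeholder-b.example
2023-03-06T14:30:00 ws-022 DELETE api.placeholder-b.example
2023-03-07T10:00:00 ws-022 GET api.placeholder-b.example
2023-03-07T16:45:00 ws-022 POST api.placeholder-b.example
2023-03-07T23:10:00 ws-022 DELETE api.placeholder-b.example
2023-03-06T12:01:00 ws-017 GET news.placeholder-c.example
"""

WORK_DAYS = range(0, 5)    # Monday to Friday (assumed schedule)
WORK_HOURS = range(8, 18)  # 08:00 to 17:59 local time (assumed schedule)

def in_working_hours(ts):
    return ts.weekday() in WORK_DAYS and ts.hour in WORK_HOURS

def hunt(log_text, min_requests=6, min_days=2):
    """Flag client/destination pairs that mix GET, POST and DELETE over
    several days yet never send a request during working hours."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, client, method, dest = line.split()
            pairs[(client, dest)].append((datetime.fromisoformat(ts), method.upper()))
    findings = []
    for (client, dest), events in sorted(pairs.items()):
        methods = {m for _, m in events}
        days = {ts.date() for ts, _ in events}
        quiet = not any(in_working_hours(ts) for ts, _ in events)
        if (len(events) >= min_requests and len(days) >= min_days
                and {"GET", "POST", "DELETE"} <= methods and quiet):
            findings.append({"client": client, "dest": dest, "requests": len(events),
                             "days": len(days), "methods": sorted(methods)})
    return findings

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Scheduled jobs and backup agents can match the same pattern, so treat a hit as a lead for review rather than a verdict.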