Security News > 2023 > March > Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year.

The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains observed in 2021.

Interestingly, the use of the Soul backdoor was detailed by Broadcom's Symantec in October 2021 in connection to an unattributed espionage operation targeting defense, healthcare, and ICT sectors in Southeast Asia.

The loader is then responsible for downloading, decrypting, and executing the Soul backdoor and its other components, thereby enabling the adversary to harvest a wide range of information.

"The Soul main module is responsible for communicating with the C&C server and its primary purpose is to receive and load in memory additional modules," Check Point said.

"While the Soul framework has been in use since at least 2017, the threat actors behind it have been constantly updating and refining its architecture and capabilities," the company said.

News URL

https://thehackernews.com/2023/03/sharp-panda-using-new-soul-framework.html