Chinese APT abuses MSC files with GrimResource vulnerability
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves downloading and executing malicious files, including a 64-bit shellcode and the Marte Beacon with CobaltStrike. The group's modus operandi reflects techniques typical of Chinese-origin APTs, with activity occurring Monday to Friday during hours consistent with Chinese time zones. While precise attribution is not possible, the group could be a subgroup of APT41. The campaigns have evolved since August 2nd, incorporating a new module into the infection chain. The threat actor uses various decoys and targets both Windows and Linux systems.
OPENCTI LABELS:
cobaltstrike, msc files, marte beacon, diskless shellcode, grimresource vulnerability