Chinese APT Abuses VSCode to Target Government in Asia
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain initial access and deliver additional malware payloads. This represents the first observed instance of threat actors using this technique. The campaign exhibits strong connections to a previous Stately Taurus operation through shared tactics, techniques, and procedures (TTPs), timelines, and victimology. Furthermore, the report examines a potential link between the Stately Taurus activity and a separate cluster involving the ShadowPad backdoor within the same targeted environment.
OPENCTI LABELS:
apt,toneshell,shadowpad,exfiltration,cyberespionage,reverseshell,poisonplug.shadow,credentialtheft,visualstudiocode