Chinese APT Target Royal Thai Police in Malware Campaign
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A malware campaign targeting the Royal Thai Police has been identified. It uses seemingly legitimate FBI-related documents as a lure to deliver the Yokai backdoor. The attack, consistent with the Chinese APT group Mustang Panda, involves a RAR archive containing a shortcut file that launches ftp.exe, which reads its commands from a script file disguised as a PDF. The malware, a trojanized version of the PDF-XChange Driver Installer, resolves API calls dynamically to evade detection and establishes persistence through a registry modification. It connects to a C2 server at 154.90.47.77 over TCP port 443, with execution geo-locked to Thailand. This campaign appears to be part of a broader effort targeting Thai officials and reflects the ongoing cyber espionage activity in Southeast Asia.
OPENCTI LABELS:
china, apt, espionage, phishing, yokai
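Detection logic for the two observable behaviours the summary describes, ftp.exe being driven by a script file launched from a shortcut and outbound connections to the reported C2 endpoint, as an added example that is not part of the OpenCTI record or the underlying report. The Sysmon-like event records, the field names and the use of explorer.exe as the expected parent of a double-clicked shortcut are assumptions made for the example.

```python
"""Flag ftp.exe script-driven execution and connections to the reported C2.
Event records below are constructed samples in a Sysmon-like shape."""
import re
from typing import Optional

C2_IP = "154.90.47.77"   # C2 address from the report
C2_PORT = 443            # C2 port from the report

# ftp.exe reads its commands from a file when given -s:<file>; a script
# that is not a plain .txt (here a "PDF") is the anomaly worth alerting on.
FTP_SCRIPT_RE = re.compile(r"-s:\s*\"?([^\s\"]+)", re.IGNORECASE)


def classify_process(ev: dict) -> Optional[str]:
    """Return a finding name for a process-creation record, or None."""
    if not ev.get("Image", "").lower().endswith("\\ftp.exe"):
        return None
    m = FTP_SCRIPT_RE.search(ev.get("CommandLine", ""))
    if not m:
        return None
    script = m.group(1).lower()
    parent = ev.get("ParentImage", "").lower()
    # Assumption: a shortcut double-clicked in an extracted archive is
    # launched by explorer.exe, so explorer.exe as parent is itself a signal.
    if not script.endswith(".txt") or parent.endswith("\\explorer.exe"):
        return "ftp_scripted_execution"
    return None


def classify_network(ev: dict) -> Optional[str]:
    """Return a finding name for a network-connection record, or None."""
    if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
        return "yokai_c2_connection"
    return None


def scan(events: list) -> list:
    """Run both detections over a list of events; return (finding, image) pairs."""
    findings = []
    for ev in events:
        is_proc = ev.get("EventType") == "ProcessCreate"
        name = classify_process(ev) if is_proc else classify_network(ev)
        if name:
            findings.append((name, ev.get("Image", "")))
    return findings


SAMPLE_EVENTS = [  # constructed samples, not data from the report
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\ftp.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'ftp.exe -s:"C:\Users\u\Downloads\case\notice.pdf"'},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\ftp.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"ftp.exe -s:C:\scripts\nightly_upload.txt"},  # benign admin job
    {"EventType": "NetworkConnect", "Image": r"C:\Users\u\AppData\Local\Temp\installer.exe",
     "DestinationIp": "154.90.47.77", "DestinationPort": 443},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(*finding)
```

The benign scheduled upload (a .txt script under cmd.exe) is left alone, while the shortcut-launched "PDF" script and the C2 connection are both reported.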