Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 for privilege escalation. They gathered information, deployed backdoors, harvested credentials, and exfiltrated data. Evidence suggests the threat actor spoke Chinese and followed open-source anti-detection techniques.
OPENCTI LABELS:
apt, cobalt strike, data exfiltration, shadowpad, credential theft, cobaltstrike, poisonplug.shadow, cve-2018-0824, unmarshalpwn