Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike



A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 for privilege escalation. They gathered information, deployed backdoors, harvested credentials, and exfiltrated data. Evidence suggests the threat actor spoke Chinese and followed open-source anti-detection techniques.


apt, cobalt strike, data exfiltration, shadowpad, credential theft, cobaltstrike, poisonplug.shadow, cve-2018-0824, unmarshalpwn
