
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Earth Minotaur, a threat actor targeting Tibetan and Uyghur communities, uses the MOONSHINE exploit kit to compromise Android devices and install the DarkNimbus backdoor. The exploit kit targets vulnerabilities in instant messaging apps, particularly WeChat, and has been updated with new exploits since 2019. DarkNimbus, a previously unreported Android backdoor that also has a Windows version, enables comprehensive surveillance of the victim. The attack chain involves social engineering, exploitation of Chromium-based vulnerabilities, and the implanting of a trojanized XWalk browser core. The backdoor supports a range of data collection and device control features. Earth Minotaur appears to be an intrusion set distinct from previously reported groups, though connections to other Chinese operations are noted.

OPENCTI LABELS:

backdoor,android,shadowpad,exploit kit,darknimbus,moonshine



