
"The group exploits N-day vulnerabilities in internet-facing Microsoft Exchange and Internet Information Services (IIS) servers (e.g., ProxyLogon chain), then deploys web shells (Godzilla) for persistent access and stages ShadowPad implants via DLL sideloading of legitimate signed executables."
"Targets of the campaigns include Pakistan, Thailand, Malaysia, India, Myanmar, Sri Lanka, and Taiwan. The lone European country that features in the threat actor's victimology footprint is Poland."
"The starting point of the attacks is the exploitation of known security flaws to breach unpatched systems and drop web shells like Godzilla to facilitate persistent remote access."
Cybersecurity researchers have identified a China-aligned espionage campaign, SHADOW-EARTH-053, targeting government and defense sectors in South, East, and Southeast Asia, as well as Poland. The group exploits N-day vulnerabilities in Microsoft Exchange and IIS servers, deploying web shells for persistent access and staging ShadowPad implants. Targets include Pakistan, Thailand, Malaysia, India, Myanmar, Sri Lanka, and Taiwan. The campaign shows overlap with a related intrusion set, SHADOW-EARTH-054, and utilizes known security flaws to breach systems and deploy malware like Noodle RAT.
Read at The Hacker News