Chinese APT abuses MSC files with the GrimResource technique

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files (Microsoft Management Console saved-console files, which mmc.exe opens) using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam and Taiwan. The attack chain downloads and executes further malicious payloads, including 64-bit shellcode and the Marte Beacon used with Cobalt Strike. The group's modus operandi matches that of Chinese-origin APTs: it operates Monday to Friday, during hours compatible with Chinese time zones. Precise attribution is not possible, but the actor could be a subgroup of APT41. The campaigns have evolved since August 2nd, incorporating a new module in the infection chain. The threat actor uses various decoys and targets both Windows and Linux systems.
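The article does not describe how a GrimResource-style MSC file is built, so the following is an added triage example, not code from the article or from the threat actor. It assumes the publicly documented shape of the technique (Elastic's 2024 GrimResource research): the MSC file is XML with an MMC_ConsoleFile root, and its StringTable carries a res://apds.dll/redirect.html reference whose target is a javascript: URI, which MMC then renders in a trusted context. The two .msc documents below are constructed samples, not artefacts from this campaign; the indicator names and the scan_msc / is_grimresource_like functions are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the public GrimResource shape (assumption: not a real
# campaign artefact). The HTML payload is XML-escaped inside the StringTable
# entry, exactly where a naive string search on the raw file would miss it.
SUSPICIOUS_MSC = """<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="Default">
  <StringTables>
    <StringTable>
      <Strings>
        <String ID="1" Refs="1">Console Root</String>
        <String ID="2" Refs="1">res://apds.dll/redirect.html?target=javascript:eval(&quot;&lt;script&gt;alert(1)&lt;/script&gt;&quot;)</String>
      </Strings>
    </StringTable>
  </StringTables>
</MMC_ConsoleFile>
"""

# Constructed benign console file for comparison.
BENIGN_MSC = """<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="Default">
  <StringTables>
    <StringTable>
      <Strings>
        <String ID="1" Refs="1">Console Root</String>
        <String ID="2" Refs="1">Services (Local)</String>
      </Strings>
    </StringTable>
  </StringTables>
</MMC_ConsoleFile>
"""

# Indicator names are this example's own labels, not a vendor taxonomy.
INDICATORS = {
    "apds_dll_reference": re.compile(r"apds\.dll", re.IGNORECASE),
    "res_protocol": re.compile(r"\bres://", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript:", re.IGNORECASE),
    "inline_script": re.compile(r"<script\b", re.IGNORECASE),
}


def scan_msc(text):
    """Return the sorted list of indicator names found in one .msc document.

    Each pattern is checked against the decoded StringTable entries (where the
    apds.dll redirect lives and where XML escaping hides <script> from a raw
    grep) and, as a fallback, against the raw text, so a payload moved outside
    the StringTable is still flagged.
    """
    findings = set()
    root = None
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        findings.add("malformed_xml")
    if root is not None and root.tag != "MMC_ConsoleFile":
        findings.add("unexpected_root")
    strings = [s.text or "" for s in root.iter("String")] if root is not None else []
    for name, pattern in INDICATORS.items():
        if any(pattern.search(s) for s in strings) or pattern.search(text):
            findings.add(name)
    return sorted(findings)


def is_grimresource_like(text):
    """True when the file both references apds.dll and carries script content;
    either signal alone is reported by scan_msc but not treated as a verdict."""
    found = scan_msc(text)
    return "apds_dll_reference" in found and (
        "javascript_uri" in found or "inline_script" in found
    )


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_MSC), ("benign", BENIGN_MSC)):
        print(label, scan_msc(sample), is_grimresource_like(sample))
```

Legitimate consoles saved from mmc.exe never need a res:// reference to apds.dll, so that single string is a strong triage signal; the script-content check is kept separate so an analyst can see which half of the pattern fired when a file is only partially obfuscated.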