Chinese APT Abuses VSCode to Target Government in Asia
The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain initial access and deliver additional malware payloads. This represents the first observed instance of threat actors abusing this feature. The campaign exhibits strong connections to a previous Stately Taurus operation through shared tactics, techniques and procedures (TTPs), timelines and victimology. Furthermore, the report examines a potential link between the Stately Taurus activity and a separate cluster involving the ShadowPad backdoor within the same targeted environment.
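As a defender's starting point for the technique named above, the following is an added detection example (not code from the report or from Unit 42) that scans constructed process-creation events for VS Code being started in Remote Tunnels mode (the `code tunnel` CLI feature, assumed here to be the reverse-shell capability the summary refers to) and for shells VS Code then spawns on the same host. The log format and field names (`host`, `image`, `parent_image`, `cmdline`) are assumptions.

```python
import json

# Process names of interest (constructed lists; extend to your telemetry).
VSCODE = {"code.exe", "code"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "bash", "sh"}


def _basename(path):
    """Last path component, lower-cased, for both Windows and POSIX paths."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_vscode_tunnel_abuse(log_lines):
    """Return (host, severity, reason) findings from chronological JSON events.

    1) VS Code CLI launched with the 'tunnel' subcommand: a remote operator can
       now open a terminal on this host through a Microsoft dev tunnel.
    2) A shell whose parent is VS Code. This is normal for the integrated
       terminal, so it is rated 'low' unless the same host already started a
       tunnel earlier in the stream, in which case it is rated 'high'.
    """
    tunnel_hosts = set()
    findings = []
    for line in log_lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        host = ev.get("host", "?")
        image = _basename(ev.get("image", ""))
        parent = _basename(ev.get("parent_image", ""))
        args = ev.get("cmdline", "").split()
        if image in VSCODE and "tunnel" in args:
            tunnel_hosts.add(host)
            findings.append((host, "high", "vscode tunnel started: " + ev.get("cmdline", "")))
        elif image in SHELLS and parent in VSCODE:
            sev = "high" if host in tunnel_hosts else "low"
            findings.append((host, sev, "shell %s spawned by VS Code" % image))
    return findings


# Constructed sample events: a developer workstation (benign) and a server
# where a downloaded code.exe starts a tunnel and then spawns PowerShell.
SAMPLE_LOGS = [
    r'{"host": "ws-01", "image": "C:\\Users\\dev\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe", "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "Code.exe --new-window"}',
    r'{"host": "ws-01", "image": "C:\\Windows\\System32\\cmd.exe", "parent_image": "C:\\Users\\dev\\AppData\\Local\\Programs\\Microsoft VS Code\\Code.exe", "cmdline": "cmd.exe"}',
    r'{"host": "srv-07", "image": "C:\\Users\\svc\\Downloads\\code.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "code.exe tunnel --accept-server-license-terms"}',
    r'{"host": "srv-07", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "parent_image": "C:\\Users\\svc\\Downloads\\code.exe", "cmdline": "powershell.exe -NoProfile"}',
]

if __name__ == "__main__":
    for finding in detect_vscode_tunnel_abuse(SAMPLE_LOGS):
        print(finding)
```

The tunnel-start event is the high-fidelity signal; the parent-child shell rule only adds confidence and should be correlated per host rather than alerted on alone.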