Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools exploiting vulnerabilities like CVE-2018-0824 for privilege escalation. They gathered information, deployed backdoors, harvested credentials, and exfiltrated data. Evidence suggests the threat actor spoke Chinese and followed open-source anti-detection techniques.