2022-05-24

Twisted Panda Campaign Targets Russian Defense Institutions

Level: 
Tactical
  |  Source: 
CheckPoint
Defense & Government
Share:

Twisted Panda Campaign Targets Russian Defense Institutions

An espionage campaign attributed to Chinese APT groups, APT10 (aka. Stone Panda) and Mustang Panda has been investigated by CheckPoint to be targeting Russian defense entities since June 2021 with recent activity observed in April 2022. The campaign is named, Twisted Panda given the attributed threat actors involved. The targeted Russian entities are those part of the state's owned defense conglomerate, Rostec Corporation specializing in radio-electronics along with research, design, and manufacturing of warfare systems. Phishing emails containing malicious documents are distributed for the campaign, using themes that are related to events associated with the Russia and Ukraine conflict. The malicious document from the email contains an external template (.DOTM file) and with macro code downloads two DLL files and an INIT file. The dropped DLL files run shellcode from the INIT file to set persistence with a scheduled task. The infection leads to the SPINNER backdoor, created from a remote thread in MSIEXEC. The backdoor has capabilities to collect system information, exfiltrate files, download additional payloads and run OS commands.

     

Get trending threats published weekly by the Anvilogic team.

Sign Up Now