BleepingComputer cybersecurity experts: The malware group submitted a ZIP archive with the decryptors to VirusTotal and now it plans to switch to cryptojacking.
New spear phishing campaign by Override Panda (APT 30). Cluster 25 cybersecurity experts: The Chinese APT tries to deliver a beacon of a Red Team framework known as “Viper”
Override Panda (aka PLA Unit 78020, APT 30, Camerashy, Naikon, Lotus Panda, Hellsing and BRONZE GENEVA) has launched a new phishing campaign for cyber-espionage purposes. The campaign was reported by Cluster 25 cybersecurity experts. The Chinese APT used a spear phishing email to deliver a beacon of a Red Team framework known as “Viper”. The kill chain includes an already-known artifact, attributed to the group one year ago, which is used to load and execute custom shellcode. The target is currently unknown, but it is highly likely to be a government institution from a South Asian country. The attack starts with a spear phishing email containing a weaponized document that is written in Chinese and appears to be a reply to a call for tenders.