Earlier this year, cyber attackers targeted an undisclosed Asian country’s national power grid using ShadowPad malware, commonly associated with entities linked to the Chinese government, according to cybersecurity experts.
While Symantec did not explicitly attribute the incident to China, they identified the group as RedFly, who infiltrated the network for up to six months, siphoning credentials and targeting multiple computers.
ShadowPad, which first emerged in 2017, has also been linked to the APT41 hacking group, which researchers have connected to China’s Ministry of State Security and the People’s Liberation Army. In recent years, various China-linked groups have employed ShadowPad for cyber-espionage activities.
The attack’s initial signs emerged on February 28, when ShadowPad was deployed on a single computer, Symantec reported. The malware reappeared in the network on May 17, indicating that the hackers had maintained access for over three months.
Over the following week, the attackers worked to broaden their access to storage devices, collect system credentials, and conceal their tracks. They utilized the legitimate Windows application oleview.exe to gain insights into the victim’s network and move laterally.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: