Email security

New phishing attack launched by Chinese Override Panda hackers

The Hacker News reports the reemergence of the Chinese state-backed threat group Override Panda, also known as Hellsing, Bronze Geneva, and Naikon, in a new phishing attack aimed at data exfiltration. Override Panda has been leveraging spearphishing emails with a malicious Microsoft Office document to distribute the Viper Red Team framework, according to researchers from Cluster25. "The target of this attack is currently unknown but with high probability, given the previous history of the attack perpetrated by the group, it might be a government institution from a South Asian country," said researchers. More than 80 modules enabling initial access, privilege escalation, persistence, credential access, and arbitrary command execution have been observed within the Viper graphical intranet penetration tool. "By observing Naikon APT's hacking arsenal, it was concluded that this group tends to conduct long-term intelligence and espionage operations, typical for a group that aims to conduct attacks on foreign governments and officials. To avoid detection and maximize the result, it changed different [tactics, techniques, and procedures] and tools over time," researchers added.
