The Hacker News reports the reemergence of the Chinese state-backed threat group Override Panda, also known as Hellsing, Bronze Geneva, and Naikon, in a new phishing attack aimed at data exfiltration.
Override Panda has been leveraging spearphishing emails with a malicious Microsoft Office document to distribute the Viper Red Team framework, according to researchers from Cluster25.
"The target of this attack is currently unknown but with high probability, given the previous history of the attack perpetrated by the group, it might be a government institution from a South Asian country," said researchers.
More than 80 modules enabling initial access, privilege escalation, persistence, credential access, and arbitrary command execution have been observed within the Viper graphical intranet penetration tool.
"By observing Naikon APT's hacking arsenal, it was concluded that this group tends to conduct long-term intelligence and espionage operations, typical for a group that aims to conduct attacks on foreign governments and officials. To avoid detection and maximize the result, it changed different [tactics, techniques, and procedures] and tools over time," researchers added.