The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities.
Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a cyber espionage group known for its intrusions against organizations identified as strategically significant to China. The threat actor is believed to have been active since at least 2009.
The group has also been linked to attacks using malware families like SigLoader, SodaMaster, and a web shell called Jackpot against multiple Japanese domestic organizations since April 2021, per cybersecurity firm Trend Micro, which is tracking the group under the name Earth Tengshe.
The latest set of attacks, observed between March and June 2022, involves the use of a bogus Microsoft Word file and a self-extracting archive (SFX) file in RAR format propagated via spear-phishing emails, leading to the execution of a backdoor called LODEINFO.