Latest posts tagged with #shadowpad on Bluesky
The #Shadowpad samples are signed with two certificates, both issued from the signer “四川奇雨网络科技有限公司”. This is a company located in Chengdu, Sichuan, China, specialised in developing computer software and providing network communication devices.
🔥 NEW research published: We uncover #DKnife, a China-nexus gateway-monitoring framework that intercepts network traffic, monitors user activity, and delivers malware #Shadowpad & #DarkNimbus via routers and edge devices.
blog.talosintelligence.com/knife-cuttin...
China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware reconbee.com/china-linked...
#china #InkDragon #government #shadowpad #FINALDRAFT #malware #malwareattack #cyberattack
~Checkpoint~
Threat actor Ink Dragon turns compromised IIS servers into a distributed C2 relay network using a custom ShadowPad module.
-
IOCs: CVE-2025-49706, CVE-2025-53771, CVE-2025-49704
-
#InkDragon #ShadowPad #ThreatIntel
Critical WSUS flaw CVE-2025-59287 exploited to deploy ShadowPad malware, granting full system access. Immediate patching is essential. #CyberSecurity #WSUS #ShadowPad #MalwareAlert Link: thedailytechfeed.com/shadowpad-ma...
Alert: ShadowPad malware is exploiting a critical WSUS vulnerability (CVE-2025-59287) to gain full system access. Ensure your systems are patched and monitor for unusual activities. #CyberSecurity #WSUS #ShadowPad Link: thedailytechfeed.com/shadowpad-ma...
Microsoft fixes the WSUS bug, but Chinese hackers get there first
📌 Link to the article: www.redhotcyber.com/post/mic...
#redhotcyber #news #cybersecurity #hacking #malware #windowsserver #microsoft #shadowpad #powercat
🔥 CRITICAL: Chinese APTs are actively exploiting a WSUS RCE vulnerability (CVE-2025-59287) to deploy the ShadowPad backdoor. Attackers gain SYSTEM access for espionage. Patching is urgent! #ThreatIntel #CVE #ShadowPad #CyberAttack
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access reconbee.com/shadowpad-ma...
#shadowpad #malware #malwareattack #WSUS #Vulnerability #cyberattack
Analysis of the ShadowPad attack via CVE-2025-59287 on WSUS, with installation through curl and certutil and serious risks for enterprise infrastructure.
#ahnlab #apt #backdoor #cina #ShadowPad #WSUS
www.matricedigitale.it/2025/11/24/a...
ShadowPad is exploiting a HIGH-severity WSUS vulnerability—full system access at stake! Euro orgs: restrict WSUS access, watch for patches, monitor for unusual activity. Act now. radar.offseq.com/threat/shadowpad-malware... #OffSeq #WSUS #ShadowPad
Chinese hackers are exploiting a critical WSUS vulnerability to deploy ShadowPad malware. Ensure your systems are patched and secure. #CyberSecurity #WSUS #ShadowPad #InfoSec Link: thedailytechfeed.com/chinese-hack...
Jewelbug: a Chinese APT active since 2023 with modular backdoors, DLL sideloading, use of the Graph API, and new intrusions involving Russian IT providers.
#apt #cina #EarthAlux #FINALDRAFT #iis #Jewelbug #MicrosoftGraphAPI #ShadowPad #supplychain
www.matricedigitale.it/2025/10/16/j...
⚠️ Chinese hackers hit governments, media, and cybersecurity firms in a global cyber espionage spree. Over 70 orgs targeted using tools like ShadowPad and PurpleHaze.
Read: hackread.com/chinese-link...
#CyberSecurity #China #CyberAttack #PurpleHaze #ShadowPad #APT15
Famous Sparrow APT Group: Enhanced Cyber Arsenal and Global Threats
#famoussparrow
#aptgroup
#cyberespionage
#shadowpad
#cybersecurity
🚨 Cyber Alert: FamousSparrow APT Group Resurfaces!
Two new variants of the SparrowDoor
👉 technijian.com/cyber-securi...
#CyberSecurity #Malware #FamousSparrow #APTThreat #SparrowDoor #ShadowPad #Technijian #InfoSec #CyberAttack #DataBreach #ThreatIntelligence #CISO #IncidentResponse #HackingNews
This campaign is also the first documented time that FamousSparrow used #ShadowPad, a privately sold modular backdoor known to only be supplied to threat actors affiliated with China. 4/5
Cases of China-backed spy groups using ransomware come to light
Cases of China-Backed Spy Groups Using Ransomware Come to Light #SecurityBoulevard (Feb 21)
#中国 #サイバースパイ #ランサムウェア #ShadowPad #PlugX
China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware reconbee.com/china-linked...
#china #Chinese #Shadowpad #ransomware #ransomwareattack #cyberattacks
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines China-linked cyberespio...
www.securityweek.com/chinese-apt-tools-found-...
#Cybercrime #Malware #& #Threats #Nation-State […]
[Original post on securityweek.com]
For incident responders, remember to retrieve the volume serial number where #Shadowpad was deployed, since it is used to encrypt the payload in the registry. Those serial numbers can also be found in LNK and Prefetch files in case you don't have live access to the host anymore
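The post above says the drive serial number can be recovered from LNK files when the host is gone. The following is an added example, not code from that post or from any vendor report: a small parser for the VolumeID structure inside a Windows shortcut, following the MS-SHLLINK layout (ShellLinkHeader, optional LinkTargetIDList, then LinkInfo with its VolumeID), which prints the serial in the same `XXXX-XXXX` form that `vol` shows. The sample shortcut bytes, the serial value, the volume label and the target path are all constructed here for demonstration; point it at real `.lnk` files on the command line to use it on an image.

```python
"""Recover the volume serial number stored in a Windows .lnk file.

Added example (not from any post on this page). Implements the
LinkInfo -> VolumeID walk from the MS-SHLLINK specification so a responder
can read the drive serial offline from shortcut files. The sample .lnk built
by build_sample_lnk() is constructed here purely for demonstration.
"""
import struct
import sys

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046
HAS_LINK_TARGET_ID_LIST = 0x1        # LinkFlags bit 0
HAS_LINK_INFO = 0x2                  # LinkFlags bit 1
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x1  # LinkInfoFlags bit 0
DRIVE_TYPES = {0: "UNKNOWN", 1: "NO_ROOT_DIR", 2: "REMOVABLE", 3: "FIXED",
               4: "REMOTE", 5: "CDROM", 6: "RAMDISK"}


def _cstring(data, off, encoding="latin-1"):
    """NUL-terminated single-byte string starting at off."""
    return data[off:data.index(b"\x00", off)].decode(encoding, "replace")


def _wstring(data, off):
    """NUL-terminated UTF-16LE string starting at off."""
    end = off
    while end + 2 <= len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[off:end].decode("utf-16-le", "replace")


def format_serial(serial):
    """Render a 32-bit serial the way `vol` prints it, e.g. 1A2B-3C4D."""
    return f"{serial >> 16:04X}-{serial & 0xFFFF:04X}"


def parse_lnk_volume(data):
    """Return a dict describing the VolumeID, or None if the LNK has no local volume."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    (flags,) = struct.unpack_from("<I", data, 0x14)          # LinkFlags follows the CLSID
    off = 0x4C                                               # end of ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:                      # skip IDListSize + IDList
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if not flags & HAS_LINK_INFO:
        return None
    li = off                                                 # LinkInfo start; offsets below are relative to it
    _li_size, _li_hdr, li_flags, vol_off, lbp_off = struct.unpack_from("<5I", data, li)
    if not li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
        return None                                          # network target only: no local drive serial
    vol = li + vol_off
    _vol_size, drive_type, serial, label_off = struct.unpack_from("<4I", data, vol)
    if label_off == 0x14:                                    # label stored as Unicode via VolumeLabelOffsetUnicode
        (label_off_u,) = struct.unpack_from("<I", data, vol + 16)
        label = _wstring(data, vol + label_off_u)
    else:
        label = _cstring(data, vol + label_off)
    return {
        "serial": serial,
        "serial_text": format_serial(serial),
        "drive_type": DRIVE_TYPES.get(drive_type, f"0x{drive_type:X}"),
        "volume_label": label,
        "local_base_path": _cstring(data, li + lbp_off),
    }


def build_sample_lnk(serial=0x1A2B3C4D, label=b"OS", path=b"C:\\Users\\Public\\payload.dll"):
    """Constructed minimal .lnk: header, empty IDList, LinkInfo with a local VolumeID (demo data only)."""
    header = struct.pack("<I", 0x4C) + LNK_CLSID
    header += struct.pack("<II", HAS_LINK_TARGET_ID_LIST | HAS_LINK_INFO, 0x20)  # LinkFlags, FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                   # Creation/Access/Write FILETIMEs left zero
    header += struct.pack("<IIIHHII", 0, 0, 1, 0, 0, 0, 0)   # FileSize, IconIndex, SW_SHOWNORMAL, HotKey, Reserved1-3
    idlist = struct.pack("<H", 2) + b"\x00\x00"              # IDListSize=2: only the TerminalID
    volume_id = struct.pack("<4I", 16 + len(label) + 1, 3, serial, 0x10) + label + b"\x00"
    lbp, suffix, li_hdr = path + b"\x00", b"\x00", 0x1C
    li_size = li_hdr + len(volume_id) + len(lbp) + len(suffix)
    link_info = struct.pack("<7I", li_size, li_hdr, VOLUME_ID_AND_LOCAL_BASE_PATH,
                            li_hdr, li_hdr + len(volume_id), 0, li_hdr + len(volume_id) + len(lbp))
    return header + idlist + link_info + volume_id + lbp + suffix


if __name__ == "__main__":
    blobs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("<constructed sample>", build_sample_lnk())]
    for name, blob in blobs:
        info = parse_lnk_volume(blob)
        print(name, "->", f"{info['serial_text']} ({info['drive_type']}, {info['local_base_path']})" if info else "no local VolumeID")
```

Run it over every shortcut in a user's Recent folder from a disk image to collect candidate serials; shortcuts whose target was on a network share carry no VolumeID and are reported as such rather than misread.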
We released a report on an updated version of #Shadowpad including anti-debugging features and new configuration structure, that in some cases deploy a custom ransomware family. We have mainly seen the manufacturing industry being targeted in Europe and Asia www.trendmicro.com/fr_fr/resear...
#APT
🆕We publish today the result of a deep-dive investigation into a malicious campaign leveraging #ShadowPad and #PlugX to distribute a previously-undocumented ransomware, dubbed #NailaoLocker.
This campaign targeted 🇪🇺 organizations during S2 2024 and is tied to Chinese TA 🇨🇳.
APT41 Hackers Attacking Research Institute with ShadowPad and Cobalt Strike
cybersecuritynews.com/apt41-hacker...
#Infosec #Security #Cybersecurity #CeptBiro #APT41Hackers #ResearchInstitute #ShadowPad #CobaltStrike
#APT41 rumored to have compromised a Taiwanese government-affiliated research institute.
The malicious campaign was run using #Cobalt Strike and RAT #ShadowPad (namely the successor of PlugX).
blog.talosintelligence.com/chinese-hack...
🚨 ALERT: BLOODALCHEMY #malware, an updated version of Deed RAT and successor to #ShadowPad, targets government organizations in Southern and Southeastern Asia.
thehackernews.com/2024/05/japa...
#cybersecurity #infosec #hacking