Twisted Panda

Description

(Check Point) Check Point Research (CPR) unveils a targeted campaign against at least two research institutes in Russia, which are part of the Rostec corporation, a state-owned defense conglomerate.

This campaign is a continuation of what is believed to be a long-running espionage operation against Russian-related entities that has persisted since at least July 2021. The operation may still be ongoing, as the most recent activity was observed in April 2022.

This activity was attributed to a Chinese threat actor, with possible connections to Stone Panda (also known as APT 10 or menuPass), a sophisticated and experienced nation-state-backed actor, and to Mustang Panda, another proficient China-based cyber espionage group. The campaign has been dubbed Twisted Panda to reflect the sophistication of the tools observed and the attribution to China.

The hackers use new tools, which have not previously been described: a sophisticated multi-layered loader and a backdoor dubbed SPINNER. These tools use advanced evasion and anti-analysis techniques such as multi-layer in-memory loaders and compiler-level obfuscations.

Names

Name            Name-Giver
Twisted Panda   Check Point

Country

Motivation

  • Information theft and espionage

First Seen

2021

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

972bb21d-1172-47f8-85d1-a6aaf5ea175b

Last Card Change

2022-07-19