At The Identity Organisation, we're here to help!

Chinese Hacker Group Debuts After 3 Years of Testing with a Previously Unseen Backdoor Exploit

Dubbed ‘SharpPanda’, this Chinese APT group uses malicious Word docs, .RTF templates, and the RoyalRoad malware to install a powerful backdoor DLL, giving them all kinds of access.

Researchers at Check Point Research have identified an ongoing operation that targets an unspecified Southeast Asian government. Using spear-phishing as the initial attack vector, SharpPanda uses a mix of old vulnerabilities, new evasion techniques, and a particularly powerful backdoor DLL to exfiltrate system information, files, and screenshots.

The attachments are made to look like legitimate official documents. Once opened, SharpPanda’s malicious document downloads a .RTF template that has been weaponized with RoyalRoad, which helps deliver and decrypt the payload. The attackers use an older Equation Editor exploit, together with anti-analysis and anti-debugging techniques built into their loaders, to avoid detection.

The previously unknown backdoor is a custom piece of malware with a number of capabilities, including:

• Delete/Create/Rename/Read/Write files and get file attributes
• Get process and service information
• Get screenshots
• Pipe Read/Write – run commands through cmd.exe
• Create/Terminate process
• Get TCP/UDP tables
• Get CD-ROM drive data
• Get registry key info
• Get titles of all top-level windows
• Get victim’s computer information – computer name, user name, gateway address, adapter data, Windows version (major/minor version and build number) and type of user
• Shut down the PC

The takeaway from this story is that hackers will take their time developing powerful purpose-built tools to gain the access they need and to carry out whatever malicious actions they intend. The good news here is that the bad guys still need an “in” – in the case of SharpPanda, it’s a phishing attack; they need a user to open an unsolicited document in the first place to begin the attack. Users who undergo Security Awareness Training are materially less prone to engaging with unknown content, having been tested through simulated phishing and having learned about the phishing scams and social engineering tactics used by groups like SharpPanda.


Request A Demo: Security Awareness Training


New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal; continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

PS: Don’t like to click on redirected buttons? Cut & paste this link into your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW
