Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center


The Anomali Threat Research Team detected a spear phishing email targeting government employees in the Municipality of Da Nang, Vietnam. The email contained a malicious Microsoft Excel document which drops a malicious Dynamic-Link Library (DLL) providing the actor with CMD reverse shell over HTTP. The DLL shares code similarities to exile-RAT, a tool associated with Pirate Panda. Pirate Panda is an APT backed by China and known for targeting government and political organisations.

Read more…