"APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor"

An attack campaign that uses unpatched Microsoft Exchange Servers as the initial access vector to deploy the ShadowPad malware is targeting entities in Afghanistan, Malaysia, and Pakistan. The activity has been attributed to a previously unknown Chinese-speaking threat actor. Organizations in the telecommunications, manufacturing, and transportation sectors are among the targets. In the initial attacks, the group exploited an MS Exchange vulnerability to deploy ShadowPad and infiltrate one victim's building automation systems. Control of those systems gives the attacker a foothold from which to reach other, more sensitive systems within the attacked organization. ShadowPad, the successor to PlugX and first seen in 2015, is a privately sold modular malware platform that has been used by numerous Chinese espionage actors over the years. Although its design allows operators to remotely deploy additional plugins that extend ShadowPad's functionality beyond covert data collection, it is the malware's anti-forensic and anti-analysis techniques that make it dangerous. This article continues to discuss the use of the ShadowPad backdoor in the targeting of ICS.

THN reports "APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor"