"Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments"

A Chinese threat actor known as Sharp Panda has been running a cyber espionage campaign against government entities in Southeast Asia. The attacks involve a new version of the Soul modular framework, which differs from what was seen in the group's attack chains in 2021. According to Check Point researchers, the campaign has targeted countries such as Vietnam, Thailand, and Indonesia. Sharp Panda was first documented in June 2021, with researchers describing it as a highly organized operation that worked hard to stay under the radar. Symantec detailed the use of the Soul backdoor in October 2021 in relation to an unattributed espionage operation targeting the defense, healthcare, and ICT sectors in Southeast Asia. According to research published in February 2022 by Fortinet FortiGuard Labs, the implant traces back to October 2017, with the malware reusing code from Gh0st RAT and other publicly available tools. The attack chain described by Check Point begins with a spear-phishing email containing a lure document that uses the Royal Road Rich Text Format (RTF) weaponizer to drop a downloader by exploiting one of several Microsoft Equation Editor vulnerabilities. This article continues to discuss new findings surrounding the Sharp Panda cyber espionage campaign.

THN reports "Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments"

Submitted by Anonymous on