A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. The attacks, which have been underway since at least early 2021, appear to have intelligence gathering as their main goal.
The current campaign appears to be almost exclusively focused on government or public entities, including:
- Head of government/Prime Minister’s Office
- Government institutions linked to finance
- Government-owned aerospace and defense companies
- State-owned telecoms companies
- State-owned IT organizations
- State-owned media companies