Sunday, July 21, 2024
HomeCyber CrimeTwisted Panda: Chinese APT Targets Russian Orgs

Twisted Panda: Chinese APT Targets Russian Orgs


As the Russia-Ukraine war continues, numerous threat actors, including APTs, are seeking to take advantage of the situation. Cyberespionage actors have found Russian firms to be a profitable target. A state-sponsored APT organisation was discovered eavesdropping on Russian companies.

Getting into the weeds

Twisted Panda was a targeted assault that spied on at least two Russian defence research organisations as well as an unknown target in Belarus.

The assaults were carried out using social engineering methods that claimed the US was distributing a biological weapon.

Defense research institutions affiliated with Rostec Corporation, Russia’s largest holding corporation in the radio-electronics industry, are among the casualties.

Why is this significant?

This cyberespionage campaign, according to Check Point, has been continuing since at least June 2021, with the most recent activity occurring in April 2022.

Stone Panda (APT10) and Mustang Panda, both skilled and experienced threat actors, have been blamed for the campaign.

The attacker used previously unknown tools such as Spinner, a multi-layered loader and backdoor. Since March of last year, the tools have been in active development and are capable of advanced anti-analysis and evasion strategies.

Spinner Information

It hides the programme flow by flattening the control flow.

Despite its complex code structure, Spinner is only used to list infected hosts and run payloads downloaded from a remote server.

Researchers uncovered an older strain of the implant based on the executables’ compilation timestamps, hinting that the campaign had been operating for some time.

Anti-reverse engineering techniques are not used in the earlier Spinner model. It could, however, list and alter files, perform OS commands, download payloads at will, and steal vital data, all of which are removed from the latest version.

In conclusion

According to research, threat actors significantly enhanced the infection chain in just a year, making it more complex. The campaign’s functions have been broken up into several pieces, making it impossible to notice or assess each stage. All of this suggests that the threat actors are committed to attaining their objectives of stealing important data. Chinese cyberespionage actors are quick to respond to real-world events and use the most appropriate lures to increase their chances of success.

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us