Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country’s civilian and military intelligence agencies.
“ShadowPad is decrypted in memory using a custom decryption algorithm,” researchers from Secureworks said in a report shared with The Hacker News. “ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality.”
ShadowPad is a modular malware platform with noticeable overlaps with the PlugX malware. It has been used in high-profile supply-chain attacks against NetSarang, CCleaner, and ASUS, after which its operators shifted tactics and updated their defensive measures.
While the initial campaigns that delivered ShadowPad were attributed to a threat cluster tracked as Bronze Atlas (aka Barium), Chinese nationals working for a network security company named Chengdu 404, it has since