In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication.| Trend Micro
Threat actors abused Visual Studio Code and Microsoft Azure infrastructure to target large business-to-business IT service providers in Southern Europe.| SentinelOne
Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.| SentinelOne
An unknown threat cluster, Green Nailao, has been actively targeting European organizations, particularly in the healthcare sector, between June and October 2024. Tracked by Orange Cyberdefense CERT, this campaign exploited CVE-2024-24919 on vulnerable Check Point Security Gateways to deploy ShadowPad and PlugX, two implants linked to China-nexus cyber intrusions. Our reverse-engineering team uncovered a highly obfuscated ShadowPad variant using Windows services and registry keys for persiste...| www.orangecyberdefense.com
This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves.| SentinelOne
Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.| SentinelOne
Reference for GLib-2.0| docs.gtk.org
Overview| pkg.go.dev