Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

APT41 Attacks Taiwanese Research Institute

August 1, 2024
Reading Time: 2 mins read
in Alerts

Researchers have identified a cyber espionage campaign targeting a Taiwanese government-affiliated research institute known for its expertise in computing and related technologies. This campaign is linked to the Chinese state-sponsored hacking group APT41, which has been listed among the FBI’s most wanted due to its involvement in intrusion activities against over 100 victims globally. The attack began as early as July 2023, employing the notorious ShadowPad malware alongside other custom tools designed for post-compromise operations.

The initial breach involved exploiting an outdated version of Microsoft Office IME binary, which acted as a loader for the second-stage payload. ShadowPad, recognized for its remote access trojan capabilities, facilitated unauthorized access to the targeted systems. Additionally, APT41 utilized a tailored loader to inject a proof-of-concept for a known vulnerability, CVE-2018-0824, directly into memory, allowing for local privilege escalation through the exploitation of a Microsoft remote code execution vulnerability.

Once inside the network, the attackers compromised multiple hosts and exfiltrated sensitive documents. They executed malicious code to install a webshell for system exploration and deployed various methods, including RDP access and reverse shells, to deliver additional malware. Tools like Mimikatz and WebBrowserPassView were employed to capture credentials, and exfiltration was achieved using 7zip for both compression and encryption, indicating a high level of technical sophistication.

The evidence linking this attack to APT41 extends beyond the use of Chinese language in the code and the custom loader. The deployment of ShadowPad, a modular RAT commonly associated with Chinese hacking groups, further supports this connection. Significant overlaps in infrastructure, including a command-and-control server previously tied to APT41, reinforce the attribution. As tensions between Taiwan and China rise, experts highlight the increased risk posed by such sophisticated cyber operations to Taiwanese sovereignty and security.

 

Reference:

  • APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

Tags: APT41August 2024ChinaCyber AlertsCyber Alerts 2024cyber espionageCyber threatsShadowPadTaiwanThreat Actors
ADVERTISEMENT

Related Posts

Malicious Firefox Add Ons Steal Crypto Keys

Malicious Firefox Add Ons Steal Crypto Keys

July 4, 2025
Google Removes 352 ‘IconAds’ Fraud Apps

Google Removes 352 ‘IconAds’ Fraud Apps

July 4, 2025
Browser Cache Attack Bypasses Web Security

Browser Cache Attack Bypasses Web Security

July 4, 2025
Critical Sudo Flaws Expose Linux Systems

Unkillable Mac Malware From North Korea

July 3, 2025
Critical Sudo Flaws Expose Linux Systems

PDFs Deliver QR Codes in Callback Scams

July 3, 2025
Critical Sudo Flaws Expose Linux Systems

Critical Sudo Flaws Expose Linux Systems

July 3, 2025

Latest Alerts

Google Removes 352 ‘IconAds’ Fraud Apps

Malicious Firefox Add Ons Steal Crypto Keys

Browser Cache Attack Bypasses Web Security

PDFs Deliver QR Codes in Callback Scams

Critical Sudo Flaws Expose Linux Systems

Unkillable Mac Malware From North Korea

Subscribe to our newsletter

    Latest Incidents

    Tech Incubator IdeaLab Discloses Data Breach

    Brazil’s CIEE One Exposes 248,000 Records

    McLaughlin & Stern Discloses Data Breach

    Cyberattack Hits Medtech Firm Surmodics

    Rhysida Ransomware Hits German Charity WHH

    Hacker Accesses Max Financial’s User Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial