image credit: Unsplash

China-linked Moshen Dragon abuses security software to sideload malware

May 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns.

Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups.

Experts observed overlap between the TTPs of the Moshen Dragon group with the ones of the Chinese Nomad Panda (aka RedFoxtrot).

RedFoxtrot has been active since at least 2014 and focused on gathering military intelligence from neighboring countries, it is suspected to work under the PLA China-linked Unit 69010.

Read More on Security Affairs