Chinese cyber spies target African and Caribbean governments with new tactics

May 24, 2024



Article Summary

TLDR:

The Chinese espionage group Sharp Panda, now tracked as Sharp Dragon, is targeting governmental organizations in Africa and the Caribbean. Its tactics include deploying Cobalt Strike Beacon as the backdoor payload instead of its custom tooling, expanding its attack goals, and exploiting 1-day security flaws to infiltrate infrastructure.

Chinese threat actors like Sharp Dragon and TGR-STA-0043 are targeting diplomatic missions and governments in the Middle East, Africa, and Asia. These attacks align with China’s broader technological agenda in these regions as part of projects like the Digital Silk Road.

The China-linked threat actor Sharp Panda, now called Sharp Dragon, has shifted its focus to governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. The group now uses Cobalt Strike Beacon as its payload, which limits the exposure of its custom tools.

Sharp Dragon has been observed targeting high-profile government entities in Southeast Asia and G20 nations, utilizing backdoors like the Soul modular malware framework and exploiting 1-day security flaws for infiltration. The threat actor has also expanded its attack goals to include Africa and the Caribbean, leveraging compromised email accounts in Southeast Asia for phishing attacks.

Alongside Sharp Dragon, another threat actor known as TGR-STA-0043 has been targeting diplomatic missions and governments in the Middle East, Africa, and Asia since late 2022. These attacks align with China’s broader technological agenda, including projects like the Digital Silk Road.

These Chinese threat actors use operational relay box (ORB) networks to obscure their origins and proxy their traffic, which raises the success rate of their espionage operations. The use of ORB networks is part of a broader shift by China-nexus actors toward more purposeful and stealthy cyber operations.
