🇨🇳

SharpPanda

APT Group Information theft and espionage 5 zero-day CVEs ETDA ✓

Also Known As 1 names

Sharp Dragon

Target Countries 7

Countries highlighted in red

Canada Indonesia Japan Malaysia Thailand United States Vietnam

Sectors Targeted

Insurance Carriers and Related Activities 524 Government Computer Systems Design and Related Services 54151 Air Transportation 481

Details

Origin 🇨🇳 CN

Last Updated 08 Nov 2023

Malware Families 2

sakula_rat

firechili

MITRE ATT&CK 61

T1016 T1018 T1021 T1021.002 T1021.006 T1027 T1027.005 T1027.010 T1027.013 T1033 T1036 - Masquerading T1036.005 T1047 T1053.005 T1055 - Process Injection T1057 - Process Discovery T1059 - Command and Scripting Interpreter T1059.001 T1059.003 T1059.005 T1059.007 T1070.004 T1071 T1071.001 T1078 T1078.004 T1082 T1105 T1112 T1132 T1132.001 T1134 - Access Token Manipulation T1140 T1189 T1190 - Exploit Public-Facing Application T1195.002 T1204 T1204.002 T1218 T1218.010 T1218.011 T1219 T1505 - Server Software Component T1505.003 - Web Shell T1530 - Data from Cloud Storage Object T1543 T1543.003 T1546 T1546.008 T1547 T1547.001 T1564 T1564.003 T1566 T1566.001 T1574 T1574.001 T1584.004 T1588 T1588.001 T1588.002

Related Zero-Days 5

CVE-2023-0669 CVE-2024-12356 CVE-2025-14847 CVE-2025-55182 CVE-2025-59287

Known Names 2 entries

SharpPanda Check Point

Sharp Dragon Check Point

Observed Target Countries 5

Based on ETDA data — countries highlighted in red

Indonesia Malaysia Thailand Vietnam Africa, the Caribbean and Southeast Asia

Description

(Check Point) Check Point Research identified an ongoing surveillance operation targeting a Southeast Asian government. The attackers use spear-phishing to gain initial access and leverage old Microsoft Office vulnerabilities together with the chain of in-memory loaders to attempt and install a previously unknown backdoor on victim’s machines. Our investigation shows the operation was carried out by what we believe is a Chinese APT group that has been testing and refining the tools in its arsenal for at least 3 years.

Tools Used 2

8.t Dropper Cobalt Strike

Operations 2

2024 Chinese Espionage Campaign Expands to Target Africa and The Caribbean https://blog.checkpoint.com/research/chinese-espionage-campaign-expands-to-target-africa-and-the-caribbean/

2024-03 Inside the SharpPanda's Malware Targeting Malaysia https://notes.netbytesec.com/2024/05/inside-sharppandas-malware-targeting.html

Reports & References 1

https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/

ETDA Profile

SharpPanda, Sharp Dragon

Origin

China

First Seen 2018

Motivation

Information theft and espionage

View on ETDA APT Groups ↗