← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
China-based cyber espionage campaign in SE Asia is expanding, says Sophos
According to cybersecurity company Sophos, a suspected China-based cyber espionage campaign called "Operation Crimson Palace"
is expanding its operations to additional countries. The campaign began in 2023 and is made up of three attack groups whose activity
is managed by China's Ministry of State Security. The group's activity ceased in August 2023, but has recently resumed using a
previously undocumented keylogger. The group uses open-source tools like Cobalt Strike (for command and control [C2 or C&C]),
SharpHound (for reconnaissance), Impacket (for lateral movement), Donut (a shellcode loader), Cloudflare tunnel (also for C2 work),
Indicators of Compromise (8 / 41 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA256 | 101bf8dcdd414f09ba46cdecbd96e8606c79b0e76b6a2ce040395e775cb4da86 | SHA256 of 57b51418a799d2d016be546f399c2e9b | 2024-09-16 | |
| FileHash-SHA256 | 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c | SHA256 of 1453290db80241683288f33e6dd5e80e | 2024-09-16 | |
| FileHash-SHA256 | 4dd0debf03eeb938fbaca1f1fd391523358c23cbf18959a149c29133cc3c9cae | SHA256 of 8a0af14818eb5d6041d6988af1cf586d | 2024-09-16 | |
| FileHash-SHA256 | 5f959f480a66a33d37d9a0ef6c8f7d0059625ca2a8ae9236b49b194733622655 | SHA256 of 5e83b6ed422399de04408b80f3e5470e | 2024-09-16 | |
| FileHash-SHA256 | a22b8ef40b8abe2bd7161f425484e82207f322fef1d0562de5bf98e2f642b477 | SHA256 of 609aa4fe6955ee8fadaabbbcda229376 | 2024-09-16 | |
| FileHash-SHA256 | cc19c785702eea660a1dd7cbf9e4fef80b41384e8bd6ce26b7229e0251f24272 | SHA256 of aaf1146ec9c633c4c3fbe8091f1596d8 | 2024-09-16 | |
| FileHash-SHA256 | e4b7a1372233aef6d495743bb726fcd5037d4e90e043085498c21587335d36c7 | SHA256 of e8dd52e44949a4024b7910e161abc425 | 2024-09-16 | |
| FileHash-SHA256 | ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9 | SHA256 of 187ddca26d119573223cf0a32ba55a61 | 2024-09-16 |