Cyber Threat Report: 'APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike'

Report Author: Cisco Talos
Publication Date: 2024-08-01
Original Reporting Source:
Attributed to Nation: China
Related Intrusion Sets: APT41
Identified CVEs: CVE-2018-0824
Victim Sectors: Non Profit

This blog post by researchers at Cisco Talos outlines a malicious campaign they identified targeting a government-affiliated research institute in Taiwan. According to Talos, the group used Cobalt Strike command and control alongside ShadowPad malware and custom post-compromise tooling. Based on the malware and other tactics, techniques and procedures (TTPs) observed, the researchers assess with medium confidence that the activity is linked to APT41. The group used a vulnerable Microsoft Office binary to load malware and developed a custom loader for CVE-2018-0824, using a remote code execution vulnerability to achieve local privilege escalation.
