Summary: Cado Security Labs has identified a new malware campaign aimed at the Royal Thai Police and attributed to the Chinese APT group Mustang Panda. The campaign uses decoy documents and a malicious shortcut file that lead to execution of the Yokai backdoor, employing techniques that highlight advanced evasion methods. The operation specifically targets Thailand amid rising geopolitical tensions in Southeast Asia.
Affected: Royal Thai Police
Key points:
- The campaign leverages seemingly legitimate, FBI-themed documents to deliver malware.
- A malicious shortcut file executes commands embedded in a disguised PDF, leading to the installation of a trojanized PDF-XChange Driver Installer.
- Advanced evasion techniques include dynamic API resolution and geo-locking to focus on victims in Thailand.
Source: https://securityonline.info/cyber-espionage-in-thailand-chinese-apt-deploys-yokai-malware/