Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest. Read More
darkreading
https://harfanglab.io/en/insidethelab/isoon-leak-analysis/
| IOC IPs: | 74.120.172.10 8.218.67.52 |
| IOC Hosts: | mailnotes.online |
| IOC CVE: | CVE-2022-30190 |
| Malware Family: | ShadowPad, Winnti |
| Exploits: | 1-click exploit to bypass Twitter two-factor authentication |
| Adversary: | iSOON |
| Country of origin: | China |