Novel Soul malware variant leveraged in Chinese state-backed campaign

Thai, Indonesian, and Vietnamese government agencies are being targeted with spear-phishing attacks by the Chinese state-sponsored cyberespionage group Sharp Panda, which is deploying an updated version of the Soul malware, according to BleepingComputer. The spear-phishing emails carry DOCX attachments that deliver documents built with the RoyalRoad RTF kit, a Check Point report revealed. RoyalRoad exploits older vulnerabilities to create a scheduled task and run a DLL malware downloader; that downloader retrieves a second DLL, dubbed the "SoulSearcher loader," which in turn loads the Soul malware. Researchers found that Soul has been updated with a "radio silence" mode that lets the operators specify hours during which the backdoor will not contact its command-and-control server, an attempt to evade detection. "This is an advanced OpSec feature that allows the actors to blend their communication flow into general traffic and decrease the chances of network communication being detected," the researchers said. The updated Soul malware also supports numerous HTTP request methods, increasing its flexibility, according to Check Point.
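A "radio silence" window changes the shape of a beacon, not its regularity: traffic from an implant that only calls home during configured hours still shows near-constant intervals, but with a recurring multi-hour gap at the same time of day. The script below is an added detection example written for this article (it is not Check Point's or SC Media's code and does not reproduce anything specific to Soul); it runs over constructed outbound-connection log lines, scores each source/destination pair for interval regularity, and looks for a daily quiet window that repeats across days. Hosts, addresses, and thresholds are assumed values, and hours are whatever time zone the logs were written in.

```python
"""Flag beaconing that pauses during a fixed daily window (defender-side analytic).

Input: log lines of the form "<ISO timestamp> <src> <dst>" (constructed here).
Output: source/destination pairs that beacon at regular intervals but stay
silent for a long, repeating stretch of the day.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import statistics


def parse_log(lines):
    """Parse "timestamp src dst" lines into (datetime, src, dst) tuples."""
    events = []
    for line in lines:
        ts, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def beacon_regularity(timestamps, tolerance=0.1):
    """Return (fraction of gaps within +/-tolerance of the median gap, median gap in s).

    The median is robust to the few large gaps a quiet window introduces, so a
    beacon that pauses overnight still scores as regular.
    """
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if not gaps:
        return 0.0, 0.0
    med = statistics.median(gaps)
    if med == 0:
        return 0.0, med
    within = sum(1 for g in gaps if abs(g - med) <= tolerance * med)
    return within / len(gaps), med


def longest_quiet_window(counts):
    """Longest run of empty hour-of-day bins, wrapping past midnight.

    counts: 24 integers (events per hour of day, summed over all days).
    Returns (start_hour, length_in_hours).
    """
    best_start, best_len = 0, 0
    run_start, run_len = 0, 0
    for i in range(48):  # walk the bins twice so a run across midnight is seen whole
        h = i % 24
        if counts[h] == 0:
            if run_len == 0:
                run_start = h
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    return best_start, min(best_len, 24)


def find_quiet_window_beacons(lines, min_events=30, min_regularity=0.8, min_quiet_hours=6):
    """Return findings for pairs that beacon regularly yet go silent for a daily window."""
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(lines):
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too little data to call it a beacon
        counts = [0] * 24
        for ts in stamps:
            counts[ts.hour] += 1
        start, length = longest_quiet_window(counts)
        regularity, med = beacon_regularity(stamps)
        if regularity >= min_regularity and length >= min_quiet_hours:
            findings.append({"src": src, "dst": dst, "events": len(stamps),
                             "median_interval_s": med, "regularity": round(regularity, 3),
                             "quiet_start_hour": start, "quiet_hours": length})
    return findings


def build_sample_log():
    """Constructed sample: one working-hours-only beacon and one irregular round-the-clock talker."""
    lines = []
    day0 = datetime(2023, 3, 1)
    # Assumed implant: checks in every 10 minutes, but only between 08:00 and 17:59.
    for day in range(3):
        for minute in range(8 * 60, 18 * 60, 10):
            ts = day0 + timedelta(days=day, minutes=minute)
            lines.append(f"{ts.isoformat()} 10.0.0.5 203.0.113.10:443")
    # Assumed benign host: jittered, all-hours connections with no stable interval.
    for i in range(254):
        ts = day0 + timedelta(minutes=i * 17 + (i * i * 7) % 31)
        lines.append(f"{ts.isoformat()} 10.0.0.7 198.51.100.20:443")
    return lines


if __name__ == "__main__":
    for finding in find_quiet_window_beacons(build_sample_log()):
        print(finding)
```

The quiet-window test is what separates this from a plain beacon detector: a host that phones home every ten minutes but never between 18:00 and 08:00 is flagged, while the jittered all-hours host has no empty hour bin and is ignored. In practice the thresholds should be tuned against a baseline of the environment's own scheduled jobs, which can also be regular and office-hours-only.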
