By Yi-Jhen Hsieh & Joey Chen
Executive Summary
ShadowPad is a privately sold modular malware platform –rather than an open attack framework– with plugins sold separately.
ShadowPad is still regularly updated with more advanced anti-detection and persistence techniques.
It’s used by at least four clusters of espionage activity. ShadowPad was the primary backdoor for espionage operations in multiple campaigns, including the CCleaner, NetSarang, and ASUS supply-chain attacks.
The adoption of S…