Researchers have discovered a new cyber espionage weapon they believe was developed and is used by a China-based APT group they have named SharpPanda. A previously unknown Windows backdoor enables remote access and the collection of considerable live data – but only during Chinese working hours.

An ongoing campaign is targeting the Ministry of Foreign Affairs in a Southeast Asian country. It starts with the spear-phishing email delivery of a weaponized document – although in one sense it starts earlier with the attackers stealing genuine documents from another department in the same government to add authenticity to the real campaign.