Sophisticated Cyber Espionage Campaign Unleashes MOONSHINE and DarkNimbus to Spy on Uyghur and Tibetan Communities


Earth Minotaur, a newly identified threat actor, is conducting surveillance operations targeting Tibetan and Uyghur communities using two main tools:

1. MOONSHINE Exploit Kit:

– Targets Chromium-based browsers and the Chromium-based in-app browsers (WebViews) embedded in other applications

– Exploits multiple known, already-disclosed vulnerabilities in that engine (n-days), so unpatched engines are the attack surface

– Specifically targets apps such as Chrome, WeChat, LINE, QQ, and Zalo

2. DarkNimbus Backdoor:

– Cross-platform malware with both Android and Windows variants

– Uses the XMPP (Jabber) protocol for command and control (C2)

– Capabilities include:

* Data theft (contacts, messages, browser data)

* Device surveillance (screenshots, call recording)

* Remote command execution

* Collection of data from multiple messaging apps
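Because the page describes DarkNimbus as beaconing over XMPP, one concrete hunt a defender can run is to look for XMPP traffic coming from processes that have no business speaking it. The script below is an added example, not code from the Earth Minotaur report or from Trend Micro: it parses a constructed endpoint connection log, identifies XMPP both by the well-known ports (5222, 5223, 5269) and by the XMPP stream-open header in the first bytes of the flow (which catches a beacon moved to 443 to blend in), and flags flows from processes outside an assumed allowlist. The log format, host names, process names, IP addresses and domain names are all constructed for the example; no real indicators from the campaign are used.

```python
"""Hunt for XMPP command-and-control beacons in endpoint connection logs.

Added example, not code from the Earth Minotaur report.  The log format
and every host, process, IP address and domain below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Standard XMPP ports (RFC 6120): client-to-server (plain and legacy TLS)
# and server-to-server.
XMPP_PORTS = {5222, 5223, 5269}

# The XMPP stream-open header a client sends first, e.g.
# <stream:stream xmlns='jabber:client' to='chat.example.com' version='1.0'>
# Matching on this catches XMPP that has been moved to a non-standard port.
XMPP_STREAM_RE = re.compile(r"<stream:stream\b[^>]*\bxmlns=['\"]jabber:client['\"]")
XMPP_TO_RE = re.compile(r"\bto=['\"]([^'\"]+)['\"]")

# Processes (Android package names / Windows image names) that are expected
# to speak XMPP in this environment.  Assumed allowlist for the example.
EXPECTED_XMPP_PROCESSES = {"pidgin.exe", "com.example.corpchat"}


@dataclass
class Conn:
    host: str
    process: str
    dst_ip: str
    dst_port: int
    payload: str  # first bytes of the flow, decoded as text


def parse_line(line: str) -> Conn:
    """Parse one constructed log line: host|process|dst_ip:port|payload."""
    host, process, dst, payload = line.split("|", 3)
    ip, port = dst.rsplit(":", 1)
    return Conn(host, process, ip, int(port), payload)


def is_xmpp(conn: Conn) -> Optional[str]:
    """Return the reason a flow looks like XMPP, or None.

    The stream header is stronger evidence than the port, so it is checked
    first; a bare standard port still counts, since the payload may be
    missing or already encrypted.
    """
    if XMPP_STREAM_RE.search(conn.payload):
        return "stream-header"
    if conn.dst_port in XMPP_PORTS:
        return "port"
    return None


def xmpp_target(conn: Conn) -> Optional[str]:
    """Extract the XMPP server name from the stream header's to= attribute."""
    m = XMPP_TO_RE.search(conn.payload)
    return m.group(1) if m else None


def hunt(lines: List[str]) -> List[dict]:
    """Flag XMPP flows from processes that are not expected to use XMPP."""
    findings = []
    for line in lines:
        conn = parse_line(line)
        reason = is_xmpp(conn)
        if reason is None or conn.process in EXPECTED_XMPP_PROCESSES:
            continue
        findings.append({
            "host": conn.host,
            "process": conn.process,
            "dst": f"{conn.dst_ip}:{conn.dst_port}",
            "reason": reason,
            "xmpp_to": xmpp_target(conn),
        })
    return findings


# Constructed sample log: one legitimate chat client, one beacon hidden on
# 443, one ordinary TLS ClientHello, and one unexplained flow to 5222.
SAMPLE_LOG = [
    "laptop-01|pidgin.exe|203.0.113.10:5222|<stream:stream xmlns='jabber:client' to='chat.example.com' version='1.0'>",
    "phone-07|com.example.notes|198.51.100.7:443|<stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' to='c2.example.net' version='1.0'>",
    "laptop-02|chrome.exe|192.0.2.44:443|\x16\x03\x01\x02\x00",
    "laptop-03|svchost.exe|198.51.100.9:5222|",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f)
```

The allowlist approach is deliberate: XMPP is rare enough on most endpoints that any unexpected client is worth a look, and matching the stream header rather than only the port is what catches a beacon that has been relocated to a port the firewall already permits.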

Attack Method:

– Social engineering via messaging apps, where the operator chats with the target directly

– Malicious links, delivered in those chats, that point to more than 55 MOONSHINE exploit servers

– Browser engine downgrade: when the engine that first opens the link is not vulnerable, the target is steered to open it in an older Chromium-based engine on the device that still is

Geographic Scope:

Victims have been observed in 17 countries, including Australia, Canada, France, Germany, India, Japan, and the US.

Security Implications:

– A sophisticated, ongoing operation whose tools continue to evolve

– Some infrastructure is shared with other threat actors

– Because MOONSHINE relies on known vulnerabilities, keeping browsers and the embedded browser engines in messaging apps up to date removes most of its attack surface

– Targeting is focused on specific ethnic communities rather than broad opportunistic victims
