ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator

Intel Name: ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator

Date of Scan: February 3, 2025

Impact: High

Summary:
Since 2022, the Google Threat Intelligence Group (GTIG) has tracked cyber espionage campaigns by China-nexus actors deploying POISONPLUG.SHADOW. These operations rely on a custom obfuscating compiler, "ScatterBrain," to protect the backdoor, and have targeted entities across Europe and the Asia-Pacific region. ScatterBrain is a significant evolution of ScatterBee, the obfuscator previously analyzed by PwC. GTIG assesses POISONPLUG to be an advanced modular backdoor shared by multiple China-based threat groups, with the POISONPLUG.SHADOW variant appearing to be linked primarily to APT41.

More Details