Intel Name: Updated Shadowpad malware leads to ransomware deployment
Date of Scan: February 21, 2025
Impact: High
Summary: “Updated Shadowpad Malware Leads to Ransomware Deployment” reports on a series of incidents involving the Shadowpad malware, attributed to a Chinese threat actor. Over seven months, 21 companies across multiple regions, particularly in manufacturing, were targeted with similar tactics and techniques. In some cases, the actor deployed a previously unreported ransomware, an unusual tactic for Shadowpad campaigns, though APT41 has been known to use Encryptor RaaS. The reason behind the selective ransomware deployment remains unclear.