The Acronis Threat Research Unit has revealed a previously unknown espionage campaign named Khmer Shadow, targeting Cambodian defense and public works sectors. The attackers distribute a new malware, NIGHTFORGE, via spear-phishing emails containing government-themed lures. The campaign features sophisticated techniques such as DLL sideloading using a legitimate VMware binary, allowing the malware to function undetected.
The malware combines advanced evasion tactics with anti-analysis features to bypass security measures. Notable targets include Cambodia's Information Collection Bureau and the Ministry of Public Works and Transport, indicating motivations tied to regional intelligence interests in Southeast Asia. Attribution to specific actors remains unconfirmed, but the operation demonstrates a blend of social engineering and custom malware aimed at South Asian governmental intelligence.