HOMETHREATSBatShadow
APT / THREAT GROUP

BatShadow

🇻🇳Vietnam-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

BatShadow is a Vietnamese threat actor that targets job seekers and digital marketing professionals through social engineering campaigns, deploying the Go-based malware known as Vampire Bot. The group impersonates recruiters and distributes malicious job descriptions and corporate PDFs, triggering a multi-stage infection chain that enables remote surveillance and data theft. Analysts have linked BatShadow to Vietnam based on infrastructure reuse and targeting patterns, noting its history of using domains like samsung-work.com to distribute various malware families, including Agent Tesla and Quasar RAT. The actor employs techniques such as filename tricks and coercive browser actions to evade detection and increase the likelihood of successful compromises.

Threat Analysis

BatShadow is a known-sophistication threat actor attributed to Vietnam, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

BatShadow — Active Operations March 2026

BatShadow is a unknown-motivation threat actor attributed to VN. BatShadow is a Vietnamese threat actor that targets job seekers and digital marketing professionals through social engineering campaigns, deploying the Go-based malware known as Vampire Bot. The group impersonates recruiters and distributes malicious job descriptions and corporat...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇻🇳 Vietnam
Aliases1
SourceMalpedia

Also Known As

BatShadow

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
BatShadow — APT / Threat Group | Threat Intelligence | CTIWATCH.COM