SparklingGoblin is the name given to a Chinese advanced persistent threat (APT) group with connections to the Winnti umbrella (aka APT41, Barium, Earth Baku, or Wicked Panda). It’s primarily known for its attacks targeting various entities in East and Southeast Asia at least since 2019, with a specific focus on the academic sector.
In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk (aka ScrambleCross) that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S.
Subsequent findings from Symantec, part of Broadcom Software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware's similarities to Crosswalk.