Chinese hackers have reportedly been targeting network appliances with malware that grants them persistent access and the ability to execute a wide range of operations. A recent report from cybersecurity researchers at FortiGuard, a part of Fortinet, identified the malware under the detection name "ELF/SShdinjector.A!tr" and linked it to Evasive Panda, also known as Daggerfly or BRONZE HIGHLAND, a Chinese advanced persistent threat (APT) group that has been active since at least 2012.
Evasive Panda is known for engaging in cyberespionage activities, targeting individuals, government institutions, and organizations. Previous operations by the group have targeted entities in Taiwan, Hong Kong, and the Tibetan community. However, the specific victims of this recent campaign have not been disclosed.
The FortiGuard report did not discuss how Evasive Panda initially gained access to the devices. Common weaknesses such as weak credentials, known security flaws, or devices already compromised with earlier backdoors are, however, suspected entry points. Whatever the entry point, injecting malware into the SSH daemon (sshd) on the target devices gave the attackers a wide range of capabilities.
The malicious actions that Evasive Panda could perform included grabbing system details, accessing sensitive user data, retrieving system logs, uploading and downloading files, establishing a remote shell, remotely executing commands, deleting specific files, and stealing user credentials. This level of access and control over the compromised network appliances posed a significant threat to the security and privacy of the affected systems.
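One defender-side check that follows from the technique described above: code injected into sshd usually shows up as an executable mapping in the daemon's address space that a stock sshd would never have. The following script is an added example, not code from the FortiGuard report; it assumes a Linux host where `/proc/<pid>/maps` is readable, uses a constructed sample of such a maps file, and treats the list of trusted library directories as an assumption to adjust per distribution.

```python
"""Flag unexpected executable mappings in an sshd process (heuristic).

A legitimate sshd maps its own binary plus shared libraries from the
distribution's library directories. An executable region backed by a
file elsewhere, by a deleted file, or by an anonymous memfd is worth
investigating.
"""
import re
from typing import List

# Locations a stock sshd is expected to load code from (assumption; adjust per distro).
TRUSTED_PREFIXES = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/", "/usr/sbin/sshd")

# address range, perms, offset, dev, inode, optional pathname
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+\S+\s+\S+\s+\d+\s*(?P<path>.*)$"
)


def suspicious_mappings(maps_text: str) -> List[str]:
    """Return unique backing paths of executable mappings that look injected."""
    flagged: List[str] = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        perms, path = m.group("perms"), m.group("path").strip()
        if "x" not in perms or not path:
            continue  # only executable regions with a backing name matter
        if path.startswith("["):
            continue  # [vdso], [stack] and similar are kernel-provided, not files
        is_memfd = path.startswith("/memfd:")  # anonymous file, a common injection vehicle
        is_deleted = path.endswith("(deleted)")  # backing file removed after loading
        if (is_memfd or is_deleted or not path.startswith(TRUSTED_PREFIXES)) and path not in flagged:
            flagged.append(path)
    return flagged


def check_pid(pid: int) -> List[str]:
    """Run the heuristic against a live process; requires root for other users' sshd."""
    with open(f"/proc/{pid}/maps", encoding="utf-8") as fh:
        return suspicious_mappings(fh.read())


# Constructed sample of a maps file: a normal sshd plus one library loaded from /tmp.
SAMPLE_MAPS = """\
55d0c2a00000-55d0c2b40000 r-xp 00000000 fd:01 1234 /usr/sbin/sshd
7f3a10000000-7f3a10180000 r-xp 00000000 fd:01 2345 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a10400000-7f3a10420000 r-xp 00000000 fd:01 3456 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f3a10600000-7f3a10610000 r-xp 00000000 fd:01 4567 /tmp/.cache/libssh_helper.so
7f3a10800000-7f3a10801000 r-xp 00000000 00:00 0 [vdso]
7ffd12340000-7ffd12361000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print(suspicious_mappings(SAMPLE_MAPS))  # prints ['/tmp/.cache/libssh_helper.so']
```

On a live host, feed `check_pid` the PIDs from `pgrep -x sshd`; a hit is a lead for further triage (hash the file, compare against package metadata), not proof of compromise.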
Previous activities by Daggerfly, such as targeting macOS users with an updated version of their malware in July 2024, demonstrate the group’s ongoing efforts to refine their tactics. The new variant used in that campaign, known as Macma, is a macOS backdoor first observed in 2020. Its functionalities include device fingerprinting, command execution, screen capturing, keylogging, audio recording, and file manipulation on compromised systems.
FortiGuard researchers also described using artificial intelligence (AI) to help reverse engineer and analyze the malware. While acknowledging challenges such as hallucinations and omissions in AI-powered tools, the researchers praised the innovative potential of AI in cybersecurity.
According to the researchers, the application of AI in malware analysis has evolved significantly in recent years and proved more efficient and effective than working with traditional disassemblers and decompilers alone. They emphasized the groundbreaking advances AI is enabling in cyber defense strategies.
Overall, the findings from FortiGuard's report shed light on the sophisticated tactics employed by Chinese hackers like Evasive Panda and underscore the importance of robust cybersecurity measures to thwart such advanced threats.
Source: BleepingComputer