Chinese hackers have recently been observed targeting network appliances with malware that gives them persistent access and a range of post-compromise capabilities. The campaign, which FortiGuard researchers track under the detection name “ELF/SShdinjector.A!tr”, has been attributed to Evasive Panda, also known as Daggerfly or BRONZE HIGHLAND, a Chinese advanced persistent threat (APT) group active since at least 2012.
The Evasive Panda group is known for engaging in cyberespionage, with a history of targeting individuals, government institutions, and organizations. Previous operations have been directed at entities in Taiwan, Hong Kong, and the Tibetan community. However, the specific victims of this latest campaign have not been disclosed.
The initial access method Evasive Panda used to deploy the malware remains unknown; likely candidates include weak credentials, unpatched known vulnerabilities, or devices that were already compromised. Once the malware was injected into the SSH daemon on these network appliances, the hackers gained a broad set of capabilities.
The actions available to the hackers include collecting system details, reading sensitive user data, viewing system logs, uploading and downloading files, opening a remote shell, running commands remotely, deleting specific files from the system, and stealing user credentials.
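Because the implant runs inside the SSH daemon, one defender-side check is to list the shared objects each sshd process has mapped and flag any that live outside the appliance's normal library directories or have been unlinked from disk. The script below is an added example, not code from FortiGuard's report; it assumes a Linux-style /proc filesystem, the listed library directories, and a constructed sample of /proc/<pid>/maps.

```python
import os
import re
from typing import Dict, List, Tuple

# Directories a stock sshd is expected to load libraries from.
# Assumption for this example; adjust to the appliance's real layout.
EXPECTED_LIB_DIRS: Tuple[str, ...] = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")

_SO_RE = re.compile(r"\.so(\.\d+)*$")
_DELETED = " (deleted)"


def unexpected_libs(maps_text: str, expected_dirs=EXPECTED_LIB_DIRS) -> List[str]:
    """Return shared objects mapped from outside expected_dirs or already deleted.

    maps_text is the content of /proc/<pid>/maps, one mapping per line:
    'start-end perms offset dev inode [pathname]'.
    """
    findings: List[str] = []
    for line in maps_text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 6:
            continue  # anonymous mapping with no backing file
        path = parts[5].strip()
        deleted = path.endswith(_DELETED)
        if deleted:
            path = path[: -len(_DELETED)]  # library unlinked after being loaded
        if not path.startswith("/") or not _SO_RE.search(path):
            continue  # not a file-backed shared object ([stack], [vdso], binary)
        trusted = any(path.startswith(d + "/") for d in expected_dirs)
        if (deleted or not trusted) and path not in findings:
            findings.append(path)
    return findings


def scan_sshd_processes(proc_root: str = "/proc") -> Dict[int, List[str]]:
    """Map each running sshd PID to its unexpected shared objects (empty if none)."""
    results: Dict[int, List[str]] = {}
    if not os.path.isdir(proc_root):
        return results
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            with open(f"{proc_root}/{pid}/comm") as f:
                if f.read().strip() != "sshd":
                    continue
            with open(f"{proc_root}/{pid}/maps") as f:
                libs = unexpected_libs(f.read())
        except OSError:
            continue  # process exited, or maps not readable without privileges
        if libs:
            results[int(pid)] = libs
    return results


# Constructed sample maps output: one legitimate library, one library from /tmp,
# and one mapped from /dev/shm and then deleted (paths are made up for this demo).
SAMPLE_MAPS = """\
5567a1c00000-5567a1c4f000 r--p 00000000 fd:01 1310742  /usr/sbin/sshd
7f3a2c000000-7f3a2c1a0000 r-xp 00000000 fd:01 2621447  /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f3a2c400000-7f3a2c404000 r-xp 00000000 fd:01 131081   /tmp/libsshd_hook.so
7f3a2c600000-7f3a2c602000 r-xp 00000000 00:1f 4231     /dev/shm/libhide.so (deleted)
7f3a2c800000-7f3a2c810000 rw-p 00000000 00:00 0
7ffd1e9c0000-7ffd1e9e1000 rw-p 00000000 00:00 0        [stack]
"""

if __name__ == "__main__":
    print("sample:", unexpected_libs(SAMPLE_MAPS))
    print("live sshd findings:", scan_sshd_processes())
```

Run it as root on the appliance or host under review; an empty live result means every sshd mapping came from the expected directories, which is a necessary but not sufficient sign of a clean daemon.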
Daggerfly was last reported targeting macOS users in July 2024 with an updated version of its proprietary malware, a new variant likely introduced after older variants were exposed. The malware, known as Macma, is a macOS backdoor first observed in 2020, with functionality including device fingerprinting, command execution, screen capture, keylogging, audio capture, and file upload and download.
FortiGuard researchers also discussed their use of AI to reverse engineer and analyze the malware. While acknowledging problems such as hallucinations and omissions, they praised the tool's capabilities and highlighted how far AI-assisted analysis has advanced compared with traditional disassemblers and decompilers.
Overall, the use of AI in cybersecurity research shows promising potential for enhancing threat detection and analysis. As cyber threats continue to evolve, leveraging advanced technologies like AI will be crucial in staying ahead of sophisticated adversaries.
In conclusion, the recent campaign targeting network appliances by Chinese hackers underscores the ongoing cybersecurity challenges faced by organizations worldwide. By understanding the tactics and techniques used by threat actors like Evasive Panda, security professionals can better protect their networks and data from malicious cyber activities.