CyberSecurity SEE

Evasive Panda APT Group Distributes Malware Through Updates for Popular Chinese Software

ESET Research, a leading cybersecurity company, has recently uncovered a sophisticated cyber campaign conducted by the notorious Advanced Persistent Threat (APT) group known as Evasive Panda. The group has been found targeting an international non-governmental organization (NGO) based in China, using a clever method involving malware delivered through updates of popular Chinese software.

Evasive Panda, a well-known APT group originating from China, has been active for several years, known for their advanced hacking techniques and persistent targeting of various high-value organizations. Their latest operation, discovered by ESET Research, involved exploiting the trust users place in software updates to deliver malicious code to their target’s network.

The victim in this case was an international NGO operating in China, whose identity has not been disclosed for security reasons. The attackers behind Evasive Panda capitalized on the NGO’s extensive network connections and access to valuable information, which made it an attractive target.

The campaign relied on a technique called “supply chain compromise,” which involves infiltrating the trusted supply chain of a widely used piece of software to deliver malicious updates to unsuspecting users. In this case, Evasive Panda manipulated popular Chinese software, which is regularly updated to fix vulnerabilities and introduce new features, to deliver their malware.

By compromising the software’s update mechanism, the APT group ensured that the NGO would unknowingly download and install their malicious code. This method allowed the hackers to gain unauthorized access to the target’s network, quietly establish a foothold, and collect sensitive information. Through their presence in the NGO’s systems, Evasive Panda likely aimed to monitor their activities, obtain confidential data, or potentially launch further attacks.

ESET Research’s discovery of this campaign highlights the evolving sophistication of cyber threats and the need for organizations to remain vigilant in their cybersecurity practices. The APT group’s ability to exploit the trust placed in software updates emphasizes the importance of verifying the integrity of downloaded updates before installation.

Evasive Panda’s use of supply chain compromises is not an isolated incident. Similar techniques have been employed by other APT groups to infiltrate high-profile targets in the past. One notable example is the infamous NotPetya ransomware attack in 2017, which spread globally by modifying the software updates of accounting software widely used in Ukraine.

To protect against such attacks, organizations should adopt several cybersecurity best practices. Regularly updating software from reputable sources is crucial, but it is also essential to verify the authenticity and integrity of these updates. Additional measures, such as implementing multi-factor authentication, segmenting networks, and conducting regular security audits, can help minimize the risk of falling victim to these sophisticated cyber campaigns.
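One way to put “verify the authenticity and integrity of these updates” into practice, as an added example that is not part of the article or of ESET’s research: an installer-side check that refuses any update whose digest does not match a value pinned from a channel independent of the update server, and that also refuses downgrades. The payloads, manifests and pinned digest below are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample payloads: a legitimate update and the same update after an
# attacker controlling the update channel has appended their own loader.
GOOD_UPDATE = b"app-update v2.1.0: legitimate installer bytes"
TAMPERED_UPDATE = GOOD_UPDATE + b"<injected loader>"

# Trust anchor: the expected SHA-256, obtained out of band (for example from the
# vendor's signed release notes), never from the update server itself.
PINNED_SHA256 = hashlib.sha256(GOOD_UPDATE).hexdigest()

# Version currently installed; used to refuse rollbacks to older builds.
INSTALLED_VERSION = (2, 0, 3)

# Constructed manifests as an update server would deliver them. A compromised
# server can make the manifest agree with a tampered payload, which is exactly
# why the manifest alone is not trusted.
GOOD_MANIFEST = json.dumps({"version": "2.1.0", "sha256": PINNED_SHA256})
TAMPERED_MANIFEST = json.dumps(
    {"version": "2.1.0", "sha256": hashlib.sha256(TAMPERED_UPDATE).hexdigest()}
)
DOWNGRADE_MANIFEST = json.dumps({"version": "1.9.0", "sha256": PINNED_SHA256})


def parse_version(text):
    """Turn '2.1.0' into (2, 1, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def verify_update(update_bytes, manifest_json, pinned_sha256, installed_version):
    """Return (ok, reason); install only when ok is True."""
    manifest = json.loads(manifest_json)
    # 1. The bytes actually downloaded must hash to the pinned value.
    actual = hashlib.sha256(update_bytes).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256):
        return False, f"sha256 mismatch: got {actual}"
    # 2. Refuse downgrades: a hijacked channel can serve an old, weaker build.
    version = parse_version(manifest["version"])
    if version <= installed_version:
        return False, f"refusing downgrade to {manifest['version']}"
    return True, "ok"
```

Only the pinned digest is treated as trusted; the manifest decides the version check but cannot override a digest mismatch.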

ESET Research has shared its findings with relevant authorities and continues to investigate the activities of Evasive Panda. Cybersecurity experts are working to disrupt the APT group’s operations and mitigate the threat posed by their actions.

As the cyber threat landscape evolves, organizations must equip themselves with robust cybersecurity defenses and remain proactive in their response to emerging threats. By staying up-to-date with the latest research and collaborating with cybersecurity experts, entities like this international NGO can enhance their resilience against advanced cyber attacks.
