
The Evasive Panda Targets Tibet With Trojanized Software


A recent cyber-espionage campaign by the China-aligned APT group Evasive Panda (also tracked as BRONZE HIGHLAND and Daggerfly) has been identified targeting Tibetans in several countries and territories. Active since at least September 2023, the operation combines a targeted watering hole attack with a supply-chain compromise: trojanized installers of Tibetan language translation software.

ESET researchers have described the attackers' methods, which were timed around the Monlam Festival, an important religious event in Tibetan Buddhism. By compromising the website of the festival organizer, the attackers mounted a watering hole attack in which only visitors coming from specific network ranges were prompted to download malicious software, so most visitors never saw anything unusual.

The attackers also used the festival website and a Tibetan news site, Tibetpost (tibetpost[.]net), to host the payloads fetched by the malicious downloads. Those payloads included two full-featured Windows backdoors and an undisclosed number of macOS payloads, delivered through the trojanized installers to extend the attackers' foothold on victims' devices.

Evasive Panda's tooling shows considerable sophistication: among the malware deployed was Nightdoor, a previously undocumented Windows backdoor. The campaign reflects the group's established capability with downloaders, droppers and backdoors, which it has used to compromise networks and target individuals in East Asia.

By compromising trusted web infrastructure and a software supply chain rather than attacking each target head-on, the attackers could reach specific victims efficiently. Timing the operation to coincide with the Monlam Festival suggests a deliberate decision to capitalize on the increased traffic to the organizer's website during that period.

For a more comprehensive account of the campaign, including Indicators of Compromise (IoCs) and samples, readers can consult the ESET GitHub repository. It documents the techniques Evasive Panda used and provides the indicators defenders need to check their own environments for this activity.
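Published IoC lists are only useful once they are actually matched against what is on your endpoints and in your logs. The following is an added example, not code from ESET or from the article, showing the two checks a defender would run first: refanging domain indicators (the article itself prints the host as tibetpost[.]net) and matching them against DNS query logs with proper suffix handling, and matching file hashes of downloaded installers against SHA-256 indicators. The IoC feed format, the DNS log lines, the second placeholder domain and the "installer" byte strings are all constructed here for illustration; the only indicator taken from the article is the Tibetpost host. Real hashes would come from the ESET repository.

```python
"""Match local artefacts against a defanged IoC feed (added example).

Everything below except the host tibetpost[.]net is constructed: the feed
format, the DNS log lines, the '.invalid' placeholder domain and the fake
installer bodies stand in for real data from the published IoC list.
"""
import hashlib
import re

# Constructed IoC feed in a simple "type,value" format with defanged domains.
# The sha256 entry is filled in from a constructed byte string in run().
IOC_FEED = """\
# type,value
domain,tibetpost[.]net
domain,example-festival-site[.]invalid
sha256,{h}
"""

# Constructed stand-ins for a trojanized and a clean installer body.
TROJANIZED_SAMPLE = b"MZ\x90\x00 constructed placeholder installer body"
CLEAN_SAMPLE = b"MZ\x90\x00 constructed clean installer body"

# Constructed DNS resolver log; note the mixed case and trailing dot.
DNS_LOG = """\
2024-03-01T10:00:01Z client=10.0.0.5 q=www.tibetpost.net type=A
2024-03-01T10:00:02Z client=10.0.0.7 q=updates.example.org type=A
2024-03-01T10:00:03Z client=10.0.0.9 q=TIBETPOST.NET. type=AAAA
"""
LOG_RE = re.compile(r"client=(?P<client>\S+) q=(?P<q>\S+)")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def refang(value: str) -> str:
    """Undo common defanging: tibetpost[.]net -> tibetpost.net, hxxp -> http."""
    value = value.strip()
    for token in ("[.]", "(.)", "[dot]"):
        value = value.replace(token, ".")
    if value.lower().startswith("hxxp"):
        value = "http" + value[4:]
    return value.lower()


def parse_iocs(feed: str) -> dict:
    """Parse the constructed feed into sets keyed by indicator type."""
    iocs = {"domain": set(), "sha256": set()}
    for line in feed.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, value = line.partition(",")
        kind = kind.strip().lower()
        if kind in iocs:
            iocs[kind].add(refang(value))
    return iocs


def domain_matches(query: str, bad_domains: set) -> bool:
    """True if the queried name is an IoC domain or a subdomain of one."""
    q = refang(query).rstrip(".")
    return any(q == d or q.endswith("." + d) for d in bad_domains)


def scan_dns_log(log: str, iocs: dict) -> list:
    """Return (client, queried-name) pairs that hit a domain indicator."""
    hits = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m and domain_matches(m.group("q"), iocs["domain"]):
            hits.append((m.group("client"), refang(m.group("q")).rstrip(".")))
    return hits


def scan_files(files: dict, iocs: dict) -> list:
    """Return the names of files whose SHA-256 appears in the feed."""
    return [name for name, data in files.items()
            if sha256_hex(data) in iocs["sha256"]]


def run() -> dict:
    feed = IOC_FEED.format(h=sha256_hex(TROJANIZED_SAMPLE))
    iocs = parse_iocs(feed)
    # Constructed file names; in practice iterate over the downloads folder.
    files = {"translator-setup.exe": TROJANIZED_SAMPLE,
             "other-setup.exe": CLEAN_SAMPLE}
    return {"dns": scan_dns_log(DNS_LOG, iocs), "files": scan_files(files, iocs)}


if __name__ == "__main__":
    print(run())
```

The suffix check in domain_matches matters because watering hole payload hosts are often reached via subdomains; a naive exact-string comparison would miss www.tibetpost.net while still matching the bare host. Hash matching catches the trojanized installer only if the IoC list carries that exact build, so treat a clean hash result as absence of a known sample, not as proof the installer is safe.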

As such threats continue to evolve, organizations and individuals in targeted communities should verify the provenance of software installers, even those from trusted regional vendors, and monitor for the published indicators. The Evasive Panda campaign is a reminder that state-aligned espionage groups will patiently compromise the websites and software a community relies on, and that proactive defense matters more than reactive cleanup.

