- Security researchers observe Chinese attackers targeting networking appliances
- The malware gives them persistent access and a variety of operations
- Hackers could grab system information, read sensitive user data and more
Chinese hackers have been observed targeting networking appliances with malware that gave them persistent access and the ability to run a wide range of actions.
A new report from FortiGuard Labs (part of Fortinet) dubbed the campaign “ELF/Sshdinjector.A!tr” and attributed the attack to Evasive Panda, also known as Daggerfly or Bronze Highland, a Chinese advanced persistent threat (APT) group active since at least 2012.
The group is primarily engaged in cyberespionage, targeting individuals, government institutions and organizations. It has previously been seen running operations against entities in Taiwan, Hong Kong and the Tibetan community. We don’t know who the victims in this campaign were.
Analysis with AI
FortiGuard did not discuss initial access, so we do not know what gave Evasive Panda the opportunity to deploy the malware. We can only suspect the usual suspects: weak credentials, known vulnerabilities, or devices already infected with backdoors. In any case, Evasive Panda was seen injecting malware into the SSH daemon on the devices, opening the door to a wide range of actions.
For example, the hackers could grab system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run arbitrary commands remotely, delete specific files from the system and exfiltrate user information.
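As an added, defender-side illustration (this is not code from the article or from FortiGuard), the following Python script applies a simple heuristic to a process memory map in the Linux /proc/<pid>/maps format to spot shared objects injected into a long-running daemon such as sshd: libraries mapped from volatile or world-writable directories, mapped files that have since been deleted from disk, and anonymous memory regions that are both writable and executable. The sample map, the directory lists and the `check_process` helper are constructed assumptions; appliance firmware may place libraries in other paths, so the trusted list must be tuned per device.

```python
"""Heuristic scan of a /proc/<pid>/maps listing for signs of code injected into a daemon.

Added example for illustration; not the article's or FortiGuard's code. The path lists and
the sample map below are constructed assumptions, not data taken from the reported campaign.
"""
import re
from typing import List, Set

# Where packaged shared libraries normally live (assumption; adjust for the appliance's layout).
TRUSTED_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/libexec", "/usr/sbin", "/usr/bin")
# Volatile or writable locations where a legitimately installed library should never be mapped from.
SUSPICIOUS_DIRS = ("/tmp", "/dev/shm", "/var/tmp", "/home", "/run/user")

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+\S+\s+\S+\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


def suspicious_mappings(maps_text: str) -> List[str]:
    """Return sorted human-readable findings for regions that look injected."""
    findings: Set[str] = set()
    for raw in maps_text.splitlines():
        m = MAPS_LINE.match(raw.strip())
        if not m:
            continue
        perms, path = m.group("perms"), m.group("path").strip()
        if not path:
            # Anonymous memory that is both writable and executable is a classic injection footprint.
            if perms[:3] == "rwx":
                findings.add(f"anonymous rwx region at {m.group('start')}-{m.group('end')}")
            continue
        if path.startswith("["):
            continue  # [stack], [heap], [vdso] and similar pseudo-paths
        if path.endswith("(deleted)"):
            findings.add(f"{path}: backing file deleted while still mapped")
        elif path.startswith(SUSPICIOUS_DIRS):
            findings.add(f"{path}: mapped from a staging/volatile directory")
        elif ".so" in path and not path.startswith(TRUSTED_LIB_DIRS):
            findings.add(f"{path}: shared object outside trusted library directories")
    return sorted(findings)


def check_process(pid: int) -> List[str]:
    """Read a live process map (hypothetical helper; needs root on most systems)."""
    with open(f"/proc/{pid}/maps", encoding="utf-8") as fh:
        return suspicious_mappings(fh.read())


# Constructed sample map: a benign sshd plus three planted oddities for demonstration.
SAMPLE_MAPS = """\
55d4c0a00000-55d4c0a5e000 r-xp 00000000 fd:01 1311234 /usr/sbin/sshd
7f2a1c000000-7f2a1c1c0000 r-xp 00000000 fd:01 1057 /usr/lib/x86_64-linux-gnu/libc.so.6
7f2a1c400000-7f2a1c405000 r-xp 00000000 fd:01 9991 /tmp/.x/libevil.so
7f2a1c600000-7f2a1c603000 r-xp 00000000 fd:01 9992 /usr/lib/libpam.so.0 (deleted)
7f2a1c800000-7f2a1c821000 rwxp 00000000 00:00 0
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for finding in suspicious_mappings(SAMPLE_MAPS):
        print(finding)
```

This catches only the noisy cases. An implant that replaces the sshd binary or a legitimately located library on disk will map from a trusted path and pass this check, so pair it with package-manager verification (for example `rpm -V` or `dpkg --verify`) or a known-good hash of the daemon and its libraries, and baseline the appliance's real library layout before trusting the directory lists above.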
We last heard about Daggerfly in July 2024, when the group was seen targeting macOS users with an updated version of its proprietary malware. A report from Symantec claimed the new variant was probably introduced after the older variants became too exposed.
In that campaign the group used a piece of malware called Macma, a macOS backdoor first observed in 2020 whose author is still unknown. As a modular backdoor, Macma’s key capabilities include device fingerprinting, command execution, screen capture, keylogging, audio recording, and uploading and downloading files from compromised systems.
FortiGuard also discussed reverse engineering and analyzing the malware with AI. While it stressed the usual AI-related problems, such as hallucinations and omissions, the researchers praised the tool’s potential.
“While disassemblers and decompilers have improved over the last decade, this cannot be compared to the level of innovation we are seeing with AI,” the researchers said. “This is unique!”
Via BleepingComputer