- Security researchers observe Chinese attackers targeting network appliances
- The code grants them persistent access and a number of different operations
- Hackers could grab system details, read sensitive user data, and more
Chinese hackers have been seen targeting network appliances with malware which gave them persistent access and the ability to run all sorts of actions.
A new report from cybersecurity researchers Fortiguard (part of Fortinet) dubbed the campaign “ELF/SShdinjector.A!tr”, and attributed the attack to Evasive Panda, also known as Daggerfly, or BRONZE HIGHLAND, a Chinese advanced persistent threat (APT) group active since at least 2012.
The group primarily engages in cyberespionage, targeting individuals, government institutions, and organizations. In the past, it was seen running operations against entities in Taiwan, Hong Kong, and the Tibetan community. We don’t know who the victims in this campaign were.
Analyzing with AI
Fortiguard did not discuss initial access, so we don’t know what gave Evasive Panda the ability to deploy malware. We can only suspect the usual – weak credentials, known vulnerabilities, or devices already infected with backdoors. In any case, Evasive Panda was seen injecting malware in the SSH daemon on the devices, opening up the doors for a wide variety of actions.
For example, the hackers could grab system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run any command remotely, delete specific files from the system, and exfiltrate user credentials.
We last heard of Daggerfly in July 2024, when the group was seen targeting macOS users with an updated version of their proprietary malware. A report from Symantec claimed the new variant was most likely introduced since older variants got too exposed.
In that campaign, the group used a piece of malware called Macma, a macOS backdoor that was first observed in 2020, but it’s still not known who built it. Being a modular backdoor, Macma’s key functionalities include device fingerprinting, executing commands, screen grabbing, keylogging, audio capture, and uploading/downloading files from the compromised systems.
Fortiguard also discussed reverse engineering and analyzing malware with AI. While it stressed that there were usual AI-related problems, such as hallucinations and omissions, the researchers praised the tool’s potential.
“While disassemblers and decompilers have improved over the last decade, this cannot be compared to the level of innovation we are seeing with AI,” the researchers said. “This is outstanding!”
Via BleepingComputer
Leave a comment