- Security researchers observe Chinese attackers targeting network devices
- The malware grants them persistent access and a range of operations
- Hackers could collect system details, read sensitive user data, and more
Chinese hackers have been observed targeting network devices with malware that gave them persistent access and the ability to perform a wide range of actions.
A new report by FortiGuard cybersecurity researchers (part of Fortinet) named the malware “ELF/Sshdinjector.A!tr” and attributed the attack to Evasive Panda, also known as Daggerfly or Bronze Highland, a Chinese advanced persistent threat (APT) group active since at least 2012.
The group is mainly engaged in cyberespionage, targeting individuals, government institutions and organizations. Past operations have been seen against entities in Taiwan, Hong Kong and the Tibetan community. The victims of this campaign are not known.
Analysis with AI
FortiGuard has not discussed the initial access vector, so we do not know how Evasive Panda was able to deploy the malware. We can only suspect the usual: weak credentials, known vulnerabilities, or devices that were already compromised. In any case, Evasive Panda was seen injecting malware into the SSH daemon on the devices, opening the door to a wide variety of actions.
For example, the attackers can collect system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run arbitrary remote commands, delete specific files from the system, and exfiltrate user credentials.
Evasive Panda was last heard of in July 2024, when the group was seen targeting macOS users with an updated version of its proprietary malware. A Symantec report said the new variant was probably introduced because the older variants had become too exposed.
In that campaign, the group used a malware called MacMa, a macOS backdoor first observed in 2020, though it is still unknown who built it. As a modular backdoor, MacMa's key features include device fingerprinting, command execution, screen capture, keylogging, audio capture, and downloading files from compromised systems.
FortiGuard also discussed reverse engineering and analysing the malware with AI. Although it noted the usual AI-related problems, such as hallucinations and omissions, the researchers praised the tool's potential.
“Although disassemblers and decompilers have improved over the past decade, this cannot be compared to the level of innovation we are seeing with AI,” the researchers said. “It's exceptional!”
Via BleepingComputer