China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
Briefly

"A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to a hacking group called Evasive Panda, which is tracked as Bronze Highland, Daggerfly, and StormBamboo."
""The group mainly performed adversary-in-the-middle (AitM) attacks on specific victims," Kaspersky researcher Fatih Şensoy said in a deep-dive analysis. "These included techniques such as dropping loaders into specific locations and storing encrypted parts of the malware on attacker-controlled servers, which were resolved as a response to specific website DNS requests." This is not the first time Evasive Panda's DNS poisoning capabilities have come to the fore."
A China-linked advanced persistent threat group conducted a highly targeted espionage campaign by poisoning DNS requests to deliver the MgBot backdoor to victims in Türkiye, China, and India. Activity was observed between November 2022 and November 2024 and attributed to Evasive Panda, tracked under names such as Bronze Highland, Daggerfly, and StormBamboo and assessed active since at least 2012. The adversary used adversary-in-the-middle techniques, dropping loaders to specific locations and storing encrypted malware parts on attacker-controlled servers that resolved in response to particular DNS queries. Previous incidents included trojanized legitimate applications and ISP compromises to push malicious updates.
Read at The Hacker News