![Cover Image for Chinese hackers create a new effective technique to attack corporate networks.](https://res.cloudinary.com/dcj0jkqds/image/upload/v1738810768/posts_previews/ymfdl23uzodn4h5e2yp1.jpg)
Chinese hackers create a new effective technique to attack corporate networks.
Criminals are exploiting new backdoors to maintain continuous access.
Cybersecurity researchers have identified a cyberattack campaign carried out by a group of Chinese hackers, targeting network devices with malware that provides persistent access and the ability to execute various operations. This attack, tracked under the detection name “ELF/SShdinjector.A!tr” and attributed to the group Evasive Panda, also known as Daggerfly or BRONZE HIGHLAND, is part of the activities of an advanced persistent threat (APT) group that has been active since at least 2012.
Evasive Panda specializes in cyber espionage, focusing on individuals, government institutions, and organizations. Historically, their operations have included targets in Taiwan, Hong Kong, and the Tibetan community. However, it has not yet been determined who the specific victims of this campaign are.
The researchers' report does not detail how Evasive Panda gained initial access to the devices in order to deploy the malware. The usual vectors are presumed: weak credentials, exploitation of known vulnerabilities, or devices that were already infected with a backdoor. Once inside, the hackers injected malware into the SSH daemon (sshd) of the devices, giving them the ability to perform a range of actions.
The possibilities for the attackers are extensive: they could gather system details, read sensitive user information, access system logs, upload or download files, open a remote terminal, execute commands remotely, delete specific files, and exfiltrate user credentials.
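Because the implant lives inside the running SSH daemon rather than on disk as a separate binary, one practical defensive check is to look at what sshd actually has mapped into memory. The script below is an added example, not code from the article or from the researchers' report: it parses the Linux `/proc/<pid>/maps` format and flags shared objects loaded from outside the normal library directories, or whose backing file has been deleted, both of which are typical signs of a library injected into a daemon. The sample mappings, the paths under `/tmp` and `/dev/shm`, and the list of trusted prefixes are all constructed for the example and should be adjusted to the distribution being checked.

```python
"""Flag shared objects mapped into sshd that do not come from trusted system paths.

Added example (not from the article or the researchers' report). It reads the
/proc/<pid>/maps format and reports file-backed .so mappings that live outside
the usual library directories or whose backing file was deleted after loading.
"""
import os
import re
from typing import Dict, Iterable, List

# Directories where legitimately installed shared libraries normally live.
# Assumption: tune this list for the distribution you are auditing.
TRUSTED_PREFIXES = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/libexec")

# One /proc/<pid>/maps line: range, perms, offset, device, inode, optional path.
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+\S+\s+\S+\s+"
    r"(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Constructed sample of what a compromised sshd might show; the /tmp and
# /dev/shm entries are invented for the example and are not real indicators.
SAMPLE_MAPS = """\
55d2c0a00000-55d2c0a80000 r-xp 00000000 fd:01 1311 /usr/sbin/sshd
7f1a2c000000-7f1a2c1c0000 r-xp 00000000 fd:01 9842 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2c400000-7f1a2c480000 r-xp 00000000 fd:01 9911 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f1a2c600000-7f1a2c604000 r-xp 00000000 fd:01 4021 /tmp/.x/libhelper.so
7f1a2c700000-7f1a2c702000 r-xp 00000000 00:18 77 /dev/shm/libssh-extra.so (deleted)
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0 [stack]
"""


def suspicious_mapped_objects(maps_text: str,
                              trusted_prefixes: Iterable[str] = TRUSTED_PREFIXES) -> List[str]:
    """Return a sorted, de-duplicated list of suspicious shared-object mappings."""
    findings = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        if not path or path.startswith("["):
            continue  # anonymous memory, [heap], [stack], [vdso] and friends
        backing = path.replace(" (deleted)", "")
        if not (backing.endswith(".so") or ".so." in backing):
            continue  # only shared objects are of interest here
        # A deleted backing file means the loader mapped something that was
        # removed from disk afterwards, a classic way to hide an injected library.
        if path.endswith("(deleted)"):
            findings.add(path)
            continue
        if not any(backing.startswith(prefix + "/") for prefix in trusted_prefixes):
            findings.add(path)
    return sorted(findings)


def scan_running(process_name: str = "sshd") -> Dict[int, List[str]]:
    """Apply the check to every live process named process_name.

    Reading another user's /proc/<pid>/maps requires root; unreadable or
    vanished processes are skipped rather than aborting the scan.
    """
    results: Dict[int, List[str]] = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                if f.read().strip() != process_name:
                    continue
            with open(f"/proc/{pid}/maps") as f:
                results[int(pid)] = suspicious_mapped_objects(f.read())
        except (FileNotFoundError, PermissionError, ProcessLookupError):
            continue
    return results


if __name__ == "__main__":
    print("constructed sample:", suspicious_mapped_objects(SAMPLE_MAPS))
    for pid, hits in scan_running().items():
        status = "SUSPICIOUS" if hits else "clean"
        print(f"sshd pid {pid}: {status} {hits if hits else ''}")
```

Run it as root on a host to check the live daemons; on the constructed sample it reports the two injected objects and ignores libc, libcrypto and the sshd binary itself. A mapping outside the trusted directories is a lead, not proof: confirm it against the package manager's file ownership and the binary's expected hash before acting.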
The last known activity of Daggerfly was in July 2024, when they targeted macOS users with an updated version of their malware. A previous report mentioned that this new variant was likely developed in response to the exposure of older versions.
In that campaign, malware known as Macma was used, a backdoor for macOS that first appeared in 2020, although its creator remains unknown. This modular backdoor has key functionalities such as creating device fingerprints, executing commands, capturing screens, logging keystrokes, capturing audio, and the ability to upload and download files from compromised systems.
Furthermore, the researchers discussed the use of artificial intelligence for malware analysis and, despite the technology's well-known problems such as hallucinations and omissions, acknowledged its innovative potential. According to the researchers, although disassembly and decompilation tools have improved over the past decade, the level of innovation seen with artificial intelligence is remarkable.