Chinese hackers develop effective new hacking technique to go after business networks
Date:
Wed, 05 Feb 2025 17:50:00 +0000
Description:
Cybercriminals are using new backdoors for persistent access and remote code execution, experts warn
FULL STORY ======================================================================
- Security researchers observe Chinese attackers targeting network appliances
- The code grants them persistent access and a number of different operations
- Hackers could grab system details, read sensitive user data, and more
Chinese hackers have been seen targeting network appliances with malware
which gave them persistent access and the ability to run all sorts of
actions.
A new report from cybersecurity researchers Fortiguard (part of Fortinet) dubbed the campaign ELF/SShdinjector.A!tr, and attributed the attack to
Evasive Panda, also known as Daggerfly, or BRONZE HIGHLAND, a Chinese
advanced persistent threat (APT) group active since at least 2012.
The group primarily engages in cyberespionage, targeting individuals, government institutions, and organizations. In the past, it was seen running operations against entities in Taiwan, Hong Kong, and the Tibetan community.
We dont know who the victims in this campaign were.
Analyzing with AI
Fortiguard did not discuss initial access, so we dont know what gave Evasive Panda the ability to deploy malware. We can only suspect the usual - weak credentials, known vulnerabilities, or devices already infected with
backdoors. In any case, Evasive Panda was seen injecting malware in the SSH daemon on the devices, opening up the doors for a wide variety of actions.
For example, the hackers could grab system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run any command remotely, delete specific files from the system, and exfiltrate user credentials.
We last heard of Daggerfly in July 2024, when the group was seen targeting macOS users with an updated version of their proprietary malware. A report from Symantec claimed the new variant was most likely introduced since older variants got too exposed.
In that campaign, the group used a piece of malware called Macma, a macOS backdoor that was first observed in 2020, but it's still not known who built it. Being a modular backdoor, Macmas key functionalities include device fingerprinting, executing commands, screen grabbing, keylogging, audio
capture, and uploading/downloading files from the compromised systems.
Fortiguard also discussed reverse engineering and analyzing malware with AI. While it stressed that there were usual AI-related problems, such as hallucinations and omissions, the researchers praised the tools potential.
"While disassemblers and decompilers have improved over the last decade, this cannot be compared to the level of innovation we are seeing with AI," the researchers said. This is outstanding!
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinese-hackers-develop-effective-new-h acking-technique-to-go-after-business-networks
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)