Chinese hackers develop effective new hacking technique to go after business networks
Criminals are using new backdoors for persistent access
- Security researchers observe Chinese attackers targeting network appliances
- The code grants them persistent access and a number of different operations
- Hackers could grab system details, read sensitive user data, and more
Chinese hackers have been seen targeting network appliances with malware which gave them persistent access and the ability to run all sorts of actions.
A new report from cybersecurity researchers Fortiguard (part of Fortinet) dubbed the campaign “ELF/SShdinjector.A!tr”, and attributed the attack to Evasive Panda, also known as Daggerfly, or BRONZE HIGHLAND, a Chinese advanced persistent threat (APT) group active since at least 2012.
The group primarily engages in cyberespionage, targeting individuals, government institutions, and organizations. In the past, it was seen running operations against entities in Taiwan, Hong Kong, and the Tibetan community. We don’t know who the victims in this campaign were.
Analyzing with AI
Fortiguard did not discuss initial access, so we don’t know how Evasive Panda was able to deploy the malware. We can only suspect the usual: weak credentials, known vulnerabilities, or devices already infected with backdoors. In any case, Evasive Panda was seen injecting malware into the SSH daemon on the devices, opening the door to a wide variety of actions.
For example, the hackers could grab system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run any command remotely, delete specific files from the system, and exfiltrate user credentials.
We last heard of Daggerfly in July 2024, when the group was seen targeting macOS users with an updated version of their proprietary malware. A report from Symantec claimed the new variant was most likely introduced since older variants got too exposed.
In that campaign, the group used a piece of malware called Macma, a macOS backdoor that was first observed in 2020, but it's still not known who built it. Being a modular backdoor, Macma’s key functionalities include device fingerprinting, executing commands, screen grabbing, keylogging, audio capture, and uploading/downloading files from the compromised systems.
Fortiguard also discussed reverse engineering and analyzing the malware with AI. While it stressed that the usual AI-related problems, such as hallucinations and omissions, were present, the researchers praised the tool’s potential.
“While disassemblers and decompilers have improved over the last decade, this cannot be compared to the level of innovation we are seeing with AI,” the researchers said. “This is outstanding!”
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.