March 8, 2024 at 08:03AM
Cybersecurity firm ESET reports that a Chinese APT group known as Evasive Panda has been targeting Tibetans through watering hole and supply chain attacks. The group has a history of cyberespionage operations primarily targeting government entities in China, India, and other Asian countries. Evasive Panda has been leveraging compromised websites to infect visitors with malware.
A Chinese advanced persistent threat (APT) actor, referred to as Evasive Panda, has been observed targeting Tibetans in watering hole and supply chain attacks. The APT has been active since at least 2012, historically targeting government entities in China, India, and various Asian countries to conduct cyberespionage operations. In the watering hole attack, the APT has been targeting Tibetans in multiple countries by leveraging the compromised website of the Monlam Festival’s organizer to infect visitors with malware, selecting them based on their IP addresses. Additionally, Evasive Panda compromised the website of an Indian company to disseminate trojanized applications delivering Windows and macOS downloaders. The Nightdoor backdoor, which has been in use since at least 2020, was deployed against an organization in Vietnam and is capable of collecting system and disk drive information, information on applications and running processes, creating a reverse shell, and manipulating and deleting files. ESET attributes this campaign to the Evasive Panda APT group, based on the use of MgBot and Nightdoor malware. The APT likely leveraged interest in the Monlam Festival to infect users visiting the festival’s website.