March 7, 2024 at 09:21AM
Evasive Panda, a China-based threat actor, conducted cyber attacks targeting Tibetan users through watering hole and supply chain techniques, using malicious downloaders to deploy a backdoor and a new Windows implant. The attacks aimed to infiltrate specific countries and territories, taking advantage of events like the Kagyu Monlam Festival. The campaign also targeted Tibetan software distribution and news websites.
Based on the meeting notes from March 7, 2024, the key takeaways are:
– The China-linked threat actor known as Evasive Panda conducted a series of cyber attacks, including watering hole and supply chain attacks, targeting Tibetan users since September 2023.
– ESET discovered that the attacks aimed to distribute malicious downloaders for Windows and macOS, deploying the backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor.
– The attackers compromised at least three websites to carry out watering-hole attacks and a supply-chain compromise of a Tibetan software company.
– Evasive Panda, also known as Bronze Highland and Daggerfly, was previously disclosed by ESET in April 2023 for targeting an international non-governmental organization (NGO) in Mainland China with MgBot.
– Symantec’s report implicated Evasive Panda to a cyber espionage campaign aimed at infiltrating telecom services providers in Africa since November 2022.
– The latest set of cyber assaults involved the strategic web compromise of the Kagyu International Monlam Trust’s website and targeted users in India, Taiwan, Hong Kong, Australia, and the U.S. using a malicious downloader named “certificate.”
– The attackers took advantage of the annual Kagyu Monlam Festival in India to target the Tibetan community in several countries and territories.
– The campaign infiltrated an Indian software company’s website and supply chain to distribute trojanized Windows and macOS installers of Tibetan language translation software.
– The attackers also abused the compromised websites to host the malicious downloads, including two full-featured backdoors for Windows and payloads for macOS.
These takeaways summarize the significant findings and activities of Evasive Panda’s cyber attacks targeting Tibetan users and organizations.