Chinese Hackers Target Taiwan and US NGO with MgBot Malware

July 23, 2024 at 09:31AM

Taipei and U.S. NGOs were targeted by the state-affiliated Chinese hacking group Daggerfly, which used upgraded malware tools. Symantec reports that the group engages in internal espionage, exploits an Apache HTTP server vulnerability, and quickly adapts to continue its espionage activities. New malware linked to Daggerfly includes MACMA and Nightdoor, targeting major operating systems. CVERC accuses the U.S. of misinformation.

The article discusses cyber espionage activities by Daggerfly, a Beijing-affiliated state-sponsored hacking group, targeting organizations in Taiwan, a U.S. non-governmental organization based in China, and telecom service providers in Africa. The group has been observed using upgraded malware tools, including a new malware based on MgBot, an improved version of a known Apple macOS malware called MACMA, and a new implant called Nightdoor. These tools are capable of targeting major operating system platforms and have been linked to espionage activities.

Additionally, the article mentions the denial by China's National Computer Virus Emergency Response Center (CVERC) regarding the Volt Typhoon group, which CVERC attributes to U.S. intelligence agencies and describes as a misinformation campaign aimed at defaming China.

Overall, the article highlights the growing sophistication and reach of Daggerfly's cyber espionage activities and their geopolitical implications.
