A Chinese cyber-espionage group, Evasive Panda (also known as DaggerFly), has been using a newly discovered SSH backdoor, "ELF/Sshdinjector.A!tr," to infiltrate network devices since November 2024. The malware injects itself into the SSH daemon (sshd) of compromised devices, giving the attackers persistent access for a range of malicious activities.
The malware, which includes several components like a malicious SSH library, allows attackers to remotely control the device, collect system data, steal credentials, and manipulate files. The group has previously targeted organizations with espionage campaigns, including supply chain attacks and intelligence gathering.
While the initial breach method is unclear, once compromised, the malware enables command-and-control communication, allowing attackers to issue up to 15 different commands, such as executing remote commands, exfiltrating data, and modifying system files.
Fortinet’s FortiGuard service has detected the threat and offers protection under the names ELF/Sshdinjector.A!tr and Linux/Agent.ACQ!tr. The company also explored the malware using AI-assisted tools, highlighting advancements in cybersecurity analysis.
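Because the backdoor works by loading a malicious library into sshd, one defender-side check is to compare the file-backed mappings of every running sshd process against the locations a stock build is expected to load from. The script below is an added example and is not code from Fortinet or from the article; the trusted prefixes, the process name `sshd`, and the sample `/proc/<pid>/maps` text (including the placeholder path `/tmp/.x/libssh_hook.so`, since the page names no library file) are all assumptions.

```python
import re
from pathlib import Path

# Where a stock sshd's legitimate binaries and libraries live (assumption; tune per distro).
TRUSTED_PREFIXES = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/", "/usr/sbin/sshd")

# /proc/<pid>/maps fields: address perms offset dev inode [path]; capture a file path if present.
MAPS_LINE = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+(/.*)$")


def mapped_files(maps_text: str) -> set[str]:
    """File-backed paths found in /proc/<pid>/maps text (anonymous, [heap], [stack] ignored)."""
    return {m.group(1) for line in maps_text.splitlines()
            if (m := MAPS_LINE.match(line.strip()))}


def suspicious_mappings(maps_text: str) -> list[str]:
    """Mapped files outside the trusted prefixes, or unlinked from disk while still loaded."""
    return sorted(p for p in mapped_files(maps_text)
                  if p.endswith("(deleted)") or not p.startswith(TRUSTED_PREFIXES))


def scan_live_sshd() -> dict[int, list[str]]:
    """Walk /proc, find processes named sshd and report suspicious mappings per PID."""
    results = {}
    for proc in Path("/proc").glob("[0-9]*"):
        try:
            if (proc / "comm").read_text().strip() != "sshd":
                continue
            flagged = suspicious_mappings((proc / "maps").read_text())
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue
        if flagged:
            results[int(proc.name)] = flagged
    return results


# Constructed sample (not a real capture); the last two lines model an injected library
# loaded from an untrusted path and a library deleted from disk after being loaded.
SAMPLE_MAPS = """\
55d1c8e00000-55d1c8e9a000 r-xp 00000000 fd:01 1234 /usr/sbin/sshd
7f3a1c000000-7f3a1c1e0000 r-xp 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c800000-7f3a1c802000 rw-p 00000000 00:00 0
7f3a1c900000-7f3a1c910000 rw-p 00000000 00:00 0 [heap]
7f3a1cb00000-7f3a1cb20000 r-xp 00000000 fd:01 3456 /tmp/.x/libssh_hook.so
7f3a1cd00000-7f3a1cd10000 r-xp 00000000 fd:01 7890 /usr/lib/libhelper.so (deleted)
"""

if __name__ == "__main__":
    print(suspicious_mappings(SAMPLE_MAPS))  # flags the /tmp and (deleted) entries
    print(scan_live_sshd())  # needs permission to read other processes' /proc/<pid>/maps
```

A clean sshd should yield an empty list; anything flagged deserves a package-integrity check of the mapped file and a review of how it got onto the device.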