Evasive Panda Hacking Group Using New Macma macOS Backdoor
The Chinese hacking group 'Evasive Panda' has been observed deploying new versions of the Macma macOS backdoor and the Nightdoor Windows malware. Symantec's threat hunting team identified cyber espionage attacks targeting organizations in Taiwan and a US NGO in China. In the latter case, Evasive Panda, also known as 'Daggerfly' or 'Bronze Highland', exploited an Apache HTTP server flaw to distribute a new version of its MgBot malware framework, indicating ongoing efforts to update its tooling and avoid detection. Evasive Panda, active since at least 2012, conducts espionage operations both domestically and internationally. Recently, ESET detected unusual activity in which the group used Tencent QQ software updates to infect NGO members in China with MgBot malware. The breaches occurred via a supply chain or adversary-in-the-middle attack, underscoring the sophisticated tactics employed by the threat actor.