Debut of China’s ‘Evasive Panda’ APT with High-End Cloud Hijacking

Published:

spot_img

China-sponsored Evasive Panda Introduces CloudScout Post-Compromise Toolset for Cloud Data Theft

The China-sponsored Evasive Panda hacking crew has introduced a new tool called CloudScout that is causing a stir in the cybersecurity world. This sleek and professional post-compromise toolset is designed to retrieve data from various cloud services using stolen web session cookies, according to researchers at ESET.

ESET uncovered CloudScout while investigating breaches in Taiwan, targeting a religious institution and a government entity. The tool is written in .NET and works seamlessly with MgBot, Evasive Panda’s proprietary malware framework. By using stolen cookies, CloudScout is able to access and infiltrate data from the cloud, targeting services like Google Drive, Gmail, and Outlook.

The sophistication of CloudScout showcases Evasive Panda’s technical capabilities and highlights the importance of cloud-stored documents, user profiles, and email in their espionage operations. The Chinese APT has been operating since at least 2012, focusing mainly on cyber espionage against civil society targets such as independence movements, religious and academic institutions, and supporters of democracy in China.

Evasive Panda has been known to consistently evolve its cyberattack techniques, with CloudScout being the latest iteration in their arsenal. By avoiding authentication checks like two-factor authentication and IP tracking, CloudScout is able to gather sensitive data and exfiltrate it using MgBot or another backdoor called Nightdoor.

Overall, the introduction of CloudScout by Evasive Panda demonstrates the group’s continued dedication to sophisticated cyber espionage operations, further solidifying their position as a significant threat in the cybersecurity landscape.

spot_img

Related articles

Recent articles

From 17,000 to 1.1 Million Assets: Lumen Technologies Strengthens Exposure Management Through Comprehensive Data Reconciliation

From 17,000 to 1.1 Million Assets: Lumen Technologies Strengthens Exposure Management Through Comprehensive Data Reconciliation In a landscape where cybersecurity threats are increasingly sophisticated, accurate...

Sharjah Chamber Strengthens Economic Ties with Uganda and Jordan Through Strategic Discussions

Sharjah Chamber Strengthens Economic Ties with Uganda and Jordan Through Strategic Discussions The Sharjah Chamber of Commerce and Industry (SCCI) has taken significant steps to...

Kanpur Woman Loses ₹4 Lakh in Matrimonial Gift Parcel Cyber Fraud

Kanpur Woman Loses ₹4 Lakh in Matrimonial Gift Parcel Cyber Fraud In a troubling incident from Kanpur, a woman has reportedly fallen victim to a...

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards Cairo: Valu, a prominent financial technology firm in the Middle East and North...