Chinese APT group ‘Evasive Panda’ targeting Taiwan on multiple platforms

“Chinese APT Evasive Panda Upgrades Malware Capabilities Across OSes”

Cybersecurity experts have detected a concerning trend in the world of espionage. A Chinese advanced persistent threat (APT) known as Evasive Panda, or Daggerfly as tracked by Symantec, is ramping up its capabilities by developing and refining malware across multiple operating systems.

Evasive Panda has a history of targeting telecommunications companies, government agencies, NGOs, universities, and individuals of interest to the Chinese state. Recently, it has stepped up its attacks, focusing primarily on targets in Taiwan and even infiltrating an American NGO based in China.

What sets Evasive Panda apart is its ability to create malware for various platforms, including Windows, macOS, Android, Linux, and even Solaris. According to Dick O’Brien, principal intelligence analyst at Symantec, this diversity in targeting platforms is exceptional. Most APT groups concentrate on two or three platforms, but Evasive Panda has the ambition and skills to target every major OS, demonstrating a rare level of sophistication.

One of the key tools in Evasive Panda’s arsenal is the modular MgBot malware, which has been deployed in recent attacks. Additionally, the group has introduced new tools like Nightdoor, which is accompanied by a backdoor loaded with sophisticated anti-analysis tricks.

To infiltrate Mac systems, Evasive Panda uses the Macma backdoor, which has been updated and refined over the years, showing the group's ongoing commitment to developing its tooling.

As Evasive Panda continues to evolve and adapt its malware capabilities, cybersecurity experts remain vigilant in monitoring and countering these advanced threats to protect individuals and organizations from potential cyber attacks.
