China State-Sponsored Spies Hack Site and Target User Systems in Asia

Chinese threat actors strike again

Users of a Tibetan-language translation app and visitors to a Buddhist festival website were compromised by targeted watering-hole malware connected to a Chinese threat group.

According to recent data from ESET, the cyber-operations campaign by the so-called Evasive Panda hacking team started in September 2023 or earlier and impacted systems in Taiwan, Hong Kong, Australia, and the United States.

During the campaign, the attackers gained access to the websites of three different businesses: a development company that provides translations into Tibetan; an organization based in India that promotes Tibetan Buddhism; and the news website Tibetpost, which unintentionally hosted dangerous applications. Visitors to the sites from specific geographic locations were infected with droppers and backdoors, which included Nightdoor, a relatively new backdoor application, and the group’s favourite, MgBot.

Adversary in the middle attacks

According to ESET researcher Anh Ho, who uncovered the attack, the group used an astonishing range of attack vectors in the campaign, including phishing emails, watering holes, and adversary-in-the-middle (AitM) attacks via software updates that took advantage of development servers.

“The fact that they orchestrate both a supply chain and watering-hole attack with

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents