Evasive Panda Unfurls Cloud Services Under Siege

 

Evasive Panda, a China-sponsored hacking team, has unveiled CloudScout, a sleek and professional toolset that uses stolen Web session cookies to recover data from compromised cloud services.

ESET researchers discovered CloudScout while investigating a couple of past breaches in Taiwan that had come to the company's attention, both targeting religious institutions and government organizations.

The CloudScout application is written in .NET and was designed to offer seamless integration with MgBot, Evasive Panda’s proprietary malware framework. 

In a step-by-step process, MgBot feeds CloudScout previously stolen cookies, which are then used in a pass-the-cookie technique to access and retrieve data stored in the cloud. Pass-the-cookie is a method that lets an attacker hijack authenticated Web browser sessions by reusing their stolen cookies.
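A defender-side illustration of the pass-the-cookie technique described above, added here and not taken from the ESET research or the original article: it flags a session whose cookie is later presented by a different client. The log format, field names, and sample records are constructed assumptions.

```python
"""Flag possible pass-the-cookie reuse in web session logs (added example)."""
from datetime import datetime

# Constructed sample records: (timestamp, session id hash, source IP, user agent).
# Real logs should carry a hash of the session cookie, never the cookie itself.
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0"
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6) Safari/605.1"
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64) Firefox/130.0"
SAMPLE_LOG = [
    ("2024-10-01T08:00:00", "sess-a1", "203.0.113.10", CHROME),
    ("2024-10-01T08:05:00", "sess-a1", "203.0.113.10", CHROME),
    ("2024-10-01T08:10:00", "sess-b2", "203.0.113.20", SAFARI),
    ("2024-10-01T08:40:00", "sess-b2", "203.0.113.99", SAFARI),   # same browser, new IP
    ("2024-10-01T09:30:00", "sess-a1", "198.51.100.77", FIREFOX),  # new IP and new browser
    ("2024-10-01T09:31:00", "sess-a1", "198.51.100.77", FIREFOX),
    ("2024-10-01T09:45:00", "sess-c3", "203.0.113.30", CHROME),
]


def find_cookie_reuse(records):
    """Return one finding per (session, new client) pair, in time order.

    The first client (IP + user agent) to present a session is treated as its
    owner; any other client presenting the same session id is reported once.
    """
    origin = {}       # session id -> (ip, user agent) that first presented it
    reported = set()  # (session id, client) pairs already reported
    findings = []
    for ts, sid, ip, ua in sorted(records, key=lambda r: datetime.fromisoformat(r[0])):
        client = (ip, ua)
        base = origin.setdefault(sid, client)
        if client == base or (sid, client) in reported:
            continue
        reported.add((sid, client))
        ip_changed, ua_changed = ip != base[0], ua != base[1]
        # A new IP alone is common (mobile networks, VPNs). A new IP together
        # with a new user agent means a different client now holds the cookie.
        severity = "high" if ip_changed and ua_changed else "low"
        findings.append({"session": sid, "time": ts, "ip": ip, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_cookie_reuse(SAMPLE_LOG):
        print(finding)
```

A high-severity finding is a reason to revoke the session server-side and require re-authentication, since the cookie alone no longer identifies the legitimate client.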

Evasive Panda is also known by several other names, including BRONZE HIGHLAND, Daggerfly, and StormBamboo. The group has operated since at least 2012.

The objective of Evasive Panda is to engage in cyberespionage campaigns against countries, institutions, and individuals that oppose China’s interests through the preparation and dissemination of spies, such as those in the Tibetan diaspora, religious and academic groups in Taiwan, Hong Kong, and groups supporting democracy within Chinese society. As well as being observed in certain instances, its cybe

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
