Chinese hackers develop effective new hacking technique to go after business networks


  • Security researchers observe Chinese attackers targeting network appliances
  • The code grants them persistent access and a number of different operations
  • Hackers could grab system details, read sensitive user data, and more

Chinese hackers have been seen targeting network appliances with malware which gave them persistent access and the ability to run all sorts of actions.

A new report from cybersecurity researchers Fortiguard (part of Fortinet) dubbed the campaign “ELF/SShdinjector.A!tr”, and attributed the attack to Evasive Panda, also known as Daggerfly, or BRONZE HIGHLAND, a Chinese advanced persistent threat (APT) group active since at least 2012.

The group primarily engages in cyberespionage, targeting individuals, government institutions, and organizations. In the past, it was seen running operations against entities in Taiwan, Hong Kong, and the Tibetan community. We don’t know who the victims in this campaign were.

Analyzing with AI

Fortiguard did not discuss initial access, so we don’t know what gave Evasive Panda the ability to deploy malware. We can only suspect the usual - weak credentials, known vulnerabilities, or devices already infected with backdoors. In any case, Evasive Panda was seen injecting malware into the SSH daemon on the devices, opening the door to a wide variety of actions.

For example, the hackers could grab system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run any command remotely, delete specific files from the system, and exfiltrate user credentials.
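As an added example (not code from Fortiguard's report or from the article), one defender-side heuristic for the SSH daemon injection described above: enumerate the executable memory mappings of a running sshd and flag any that are backed by a file outside the system library directories, or by a file that has since been deleted. The /proc/<pid>/maps excerpt, library paths and file names below are constructed for the demonstration.

```python
"""Added example: spot shared objects mapped into sshd that a stock OpenSSH
daemon would not normally load. Reads /proc/<pid>/maps on a live host; the
constructed SAMPLE_MAPS stands in for a real one so this runs offline."""
import re
from pathlib import Path

# Directories from which a distribution-packaged sshd normally loads libraries.
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# /proc/<pid>/maps line: address perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>[rwxps-]{4})\s+\S+\s+\S+\s+\d+\s*(?P<path>.*)$"
)


def suspicious_mappings(maps_text: str) -> list:
    """Return (path, reason) pairs for executable mappings that look injected."""
    findings, seen = [], set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or "x" not in m.group("perms"):
            continue  # not a code mapping
        path = m.group("path").strip()
        if not path or path.startswith("[") or path in seen:
            continue  # anonymous, vdso/stack, or already reported
        seen.add(path)
        if path.endswith("(deleted)"):
            findings.append((path, "executable mapping backed by a deleted file"))
        elif not path.startswith(TRUSTED_LIB_DIRS) and not path.endswith("/sshd"):
            findings.append((path, "executable code loaded from outside system library dirs"))
    return findings


def scan_process(pid: int) -> list:
    """Scan a live process; run as root against the sshd PID on a real host."""
    return suspicious_mappings(Path(f"/proc/{pid}/maps").read_text())


# Constructed sample: a normal sshd, its libraries, one injected .so, one deleted backing file
SAMPLE_MAPS = """\
55d1c0a00000-55d1c0b00000 r-xp 00000000 fd:01 1234 /usr/sbin/sshd
7f2a10000000-7f2a10100000 r-xp 00000000 fd:01 2345 /usr/lib/x86_64-linux-gnu/libc.so.6
7f2a10200000-7f2a10210000 r-xp 00000000 fd:01 3456 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f2a10300000-7f2a10310000 r-xp 00000000 fd:01 4567 /tmp/.cache/libsshd.so
7f2a10400000-7f2a10410000 r-xp 00000000 fd:01 5678 /usr/lib/libpreload.so (deleted)
7f2a10500000-7f2a10510000 r-xp 00000000 00:00 0 [vdso]
7ffd12345000-7ffd12367000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for path, reason in suspicious_mappings(SAMPLE_MAPS):
        print(f"{path}: {reason}")
```

This only catches code loaded beside sshd, not a replaced sshd binary itself; pair it with the package manager's integrity check (`dpkg --verify openssh-server` or `rpm -V openssh-server`) to cover that case.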

We last heard of Daggerfly in July 2024, when the group was seen targeting macOS users with an updated version of its proprietary malware. A report from Symantec claimed the new variant was most likely introduced because the older variants had become too exposed.

In that campaign, the group used a piece of malware called Macma, a macOS backdoor that was first observed in 2020, but it's still not known who built it. Being a modular backdoor, Macma’s key functionalities include device fingerprinting, executing commands, screen grabbing, keylogging, audio capture, and uploading/downloading files from the compromised systems.

Fortiguard also discussed reverse engineering and analyzing malware with AI. While it stressed that there were usual AI-related problems, such as hallucinations and omissions, the researchers praised the tool’s potential.

"While disassemblers and decompilers have improved over the last decade, this cannot be compared to the level of innovation we are seeing with AI," the researchers said. “This is outstanding!”

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
