TZUTC: -0500   
   MSGID: 69.consprcy@1:2320/105 2c0a0d68   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Chinese hackers develop effective new hacking technique to go after business   
   networks   
      
   Date:   
   Wed, 05 Feb 2025 17:50:00 +0000   
      
   Description:   
   Cybercriminals are using new backdoors for persistent access and remote code   
   execution, experts warn   
      
   FULL STORY   
   ======================================================================   
    - Security researchers observe Chinese attackers targeting network appliances   
    - The code grants them persistent access and a number of different operations   
    - Hackers could grab system details, read sensitive user data, and more   
      
   Chinese hackers have been seen targeting network appliances with malware    
   which gave them persistent access and the ability to run all sorts of    
   actions.    
      
   A new report from cybersecurity researchers Fortiguard (part of Fortinet)   
   dubbed the campaign ELF/SShdinjector.A!tr, and attributed the attack to   
   Evasive Panda, also known as Daggerfly, or BRONZE HIGHLAND, a Chinese    
   advanced persistent threat (APT) group active since at least 2012.    
      
   The group primarily engages in cyberespionage, targeting individuals,   
   government institutions, and organizations. In the past, it was seen running   
   operations against entities in Taiwan, Hong Kong, and the Tibetan community.   
   We dont know who the victims in this campaign were.   
      
   Analyzing with AI    
      
   Fortiguard did not discuss initial access, so we dont know what gave Evasive   
   Panda the ability to deploy malware. We can only suspect the usual - weak   
   credentials, known vulnerabilities, or devices already infected with   
   backdoors. In any case, Evasive Panda was seen injecting malware in the SSH   
   daemon on the devices, opening up the doors for a wide variety of actions.    
      
   For example, the hackers could grab system details, read sensitive user data,   
   access system logs, upload or download files, open a remote shell, run any   
   command remotely, delete specific files from the system, and exfiltrate user   
   credentials.    
      
   We last heard of Daggerfly in July 2024, when the group was seen targeting   
   macOS users with an updated version of their proprietary malware.  A report   
   from Symantec claimed the new variant was most likely introduced since older   
   variants got too exposed.    
      
   In that campaign, the group used a piece of malware called Macma, a macOS   
   backdoor that was first observed in 2020, but it's still not known who built   
   it. Being a modular backdoor, Macmas key functionalities include device   
   fingerprinting, executing commands, screen grabbing, keylogging, audio   
   capture, and uploading/downloading files from the compromised systems.    
      
   Fortiguard also discussed reverse engineering and analyzing malware with AI.   
   While it stressed that there were usual AI-related problems, such as   
   hallucinations and omissions, the researchers praised the tools potential.    
      
   "While disassemblers and decompilers have improved over the last decade, this   
   cannot be compared to the level of innovation we are seeing with AI," the   
   researchers said. This is outstanding!    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/chinese-hackers-develop-effective-new-h   
   acking-technique-to-go-after-business-networks   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426