- Security researchers observe Chinese attackers targeting network appliances
- The malware gives them persistent access and a range of capabilities
- The attackers can obtain system details, read sensitive user data and more
Chinese hackers have been observed targeting network appliances with malware that gave them persistent access and the ability to perform a wide range of actions.
A new report by FortiGuard Labs researchers (part of Fortinet) describes malware detected as “ELF/SSHDinjector.A!” and attributes it to Evasive Panda (also known as Daggerfly), an advanced persistent threat (APT) group active since at least 2012.
The group is mainly involved in cyberespionage, targeting individuals, government institutions and organizations. Past operations have hit entities in Taiwan, Hong Kong and the Tibetan community. It is not known who the victims were in this campaign.
Analysis with AI
FortiGuard did not discuss initial access, so we do not know how Evasive Panda was able to deploy the malware; weak credentials, known vulnerabilities or devices already infected with backdoors are all plausible. In any case, Evasive Panda was seen injecting malware into the SSH daemon (sshd) on the devices, opening the door to a wide variety of actions.
For example, the attackers could obtain system details, read sensitive user data, access system logs, upload or download files, open a remote shell, run arbitrary commands remotely, delete specific system files and exfiltrate user credentials.
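As an added defender-side check, not code from the report or from Fortinet, the Python below flags the traces an injected payload typically leaves in a running sshd process: executable shared objects loaded from outside the system library directories, and anonymous memory mapped both writable and executable. The sample /proc/<pid>/maps content, the path /tmp/.x/libsshd.so and the trusted-directory list are constructed assumptions, not indicators from the report.

```python
import os
import re

# Directories a stock sshd is expected to load shared objects from (assumption).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed sample in /proc/<pid>/maps layout; not taken from the report.
SAMPLE_MAPS = """\
55d4c0e00000-55d4c0f2a000 r-xp 00000000 08:01 131074 /usr/sbin/sshd
7f3a2c000000-7f3a2c1c0000 r-xp 00000000 08:01 262145 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f3a2c400000-7f3a2c402000 r-xp 00000000 08:01 917523 /tmp/.x/libsshd.so
7f3a2c600000-7f3a2c620000 rwxp 00000000 00:00 0
7f3a2c800000-7f3a2c810000 rw-p 00000000 00:00 0 [heap]
"""

# address range, perms, offset, dev, inode, optional path
MAPS_RE = re.compile(r"^(\S+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")


def suspicious_mappings(maps_text):
    """Flag executable shared objects outside trusted library directories
    and anonymous regions mapped both writable and executable."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        addr, perms, path = m.group(1), m.group(2), m.group(3).strip()
        if "x" not in perms:
            continue  # only executable regions can host injected code
        file_backed = bool(path) and not path.startswith("[")
        if file_backed and ".so" in os.path.basename(path) \
                and not path.startswith(TRUSTED_LIB_DIRS):
            findings.append({"addr": addr, "path": path, "reason": "untrusted_so"})
        elif not file_backed and "w" in perms:
            findings.append({"addr": addr, "path": "<anon>", "reason": "rwx_anon"})
    return findings


def check_pid(pid):
    """Run the check on a live process (reading another user's maps needs root)."""
    with open(f"/proc/{pid}/maps") as f:
        return suspicious_mappings(f.read())
```

On a Linux host, call check_pid for each PID returned by `pidof sshd`; an empty list for every process is the expected clean result.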
The last time we heard of Daggerfly was in July 2024, when the group was seen targeting macOS users with an updated version of its proprietary malware. A Symantec report said the new variant was probably introduced because the older variants had been exposed too widely.
In that campaign, the group used a piece of malware called Macma, a macOS backdoor first observed in 2020 whose author is still unknown. As a modular backdoor, Macma’s key capabilities include device fingerprinting, command execution, screen capture, keylogging, audio capture, and uploading and downloading files to and from compromised systems.
FortiGuard also discussed using AI for reverse engineering and malware analysis. While it noted the usual problems associated with AI, such as hallucinations and omissions, the researchers praised the tool’s potential.
“While disassemblers and decompilers have improved over the last decade, this cannot be compared to the level of innovation we are seeing with AI,” the researchers said. “This is exceptional!”
Via BleepingComputer