Evasive Panda, a Chinese-speaking advanced persistent threat (APT) group, has been observed targeting an international non-governmental organization in Mainland China via malicious updates of legitimate applications, such as Tencent QQ.
The attack chains are designed to distribute MgBot, a modular malware framework capable of stealing files, logging keystrokes, harvesting clipboard data, recording audio streams, and stealing credentials from web browsers.
The targeted users were located in the Gansu, Guangdong, and Jiangsu provinces.
It is possible the attackers delivered the implant through either a supply chain compromise of Tencent QQ’s update servers or an adversary-in-the-middle (AitM) attack.
This is the latest in a series of cyber espionage attacks targeting various entities in East and South Asia since late December 2012.