Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government
BloodAlchemy Targeted Government Entities in Asia
Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy
Cuttlefish Targeting SOHO Routers
May 10, 2024 2:07:32 PM / by The Hivemind posted in Threat Bulletin, China, Cuttlefish, HiatusRat, SOHO routers
Related Families: HiatusRat
Targeted Verticals: Telecommunications, Various
Executive Summary
Cuttlefish is a recently discovered modular malware platform observed targeting networking equipment, including enterprise grade SOHO routers.
Evasive Panda's Nightdoor Backdoor
Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot
Related Families: MgBot
Executive Summary
Evasive Panda was recently observed targeting Tibetans using a combination of strategic web compromise and supply chain attacks to deliver Nightdoor.
Mustang Panda Used DOPLUGS PlugX Variant to Target Asia
Mar 1, 2024 12:24:02 PM / by The Hivemind posted in Threat Bulletin, China, Asia, APAC, DOPLUGS, Mustang Panda, SMUGX
Related Families: KillSomeOne, PlugX, Hodur, REDDELTA
Executive Summary
Mustang Panda was observed leveraging DOPLUGS to target entities in Asia. DOPLUGS is a custom PlugX variant.
Volt Typhoon's KV-Botnet
Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet
Verticals Targeted: Government
Executive Summary
Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.
The Evolution of BPFDoor
Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor
Executive Summary
Vixen Panda's Graphican Backdoor
Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican
Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial
Executive Summary
Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.
Volt Typhoon Targets US Critical Infrastructure
Jun 5, 2023 2:07:00 PM / by The Hivemind posted in US, Critical Infrastructure, China, Energy, Volt Typhoon, Guam
Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education