Verticals Targeted: Gambling
Regions Targeted: Philippines, Cambodia, United Arab Emirates, China, Hong Kong
Related Families: WizardNet, DarkNights (DarkNimbus)
TheWizards Use Spellbinder to Conjure Lateral Movement
May 5, 2025 11:09:59 AM / by The Hivemind posted in Threat Bulletin, China, TheWizards, Spellbinder, WizardNet
Mustang Panda Emerges With New TTPs
Apr 25, 2025 1:46:23 PM / by The Hivemind posted in Threat Bulletin, China, TTPs, Mustang Panda, ToneShell, StarProxy
Verticals Targeted: Government, Military, NGOs
Regions Targeted: Myanmar, East Asia, Europe
Executive Summary
Mustang Panda has expanded its toolset with updated variants of the ToneShell backdoor and a new lateral movement tool, StarProxy, used against organizations in Myanmar and other regions. Both rely on evasion techniques such as FakeTLS command-and-control traffic (TLS-looking framing that is not real TLS) and DLL sideloading to support espionage operations.
BPFDoor Campaign Targets Asia and Middle East
Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor
Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote
Executive Summary
A newly discovered BPFDoor controller improves the backdoor's stealth and is being used against Linux and Solaris systems in Asia and the Middle East. Attributed to the state-sponsored group Red Menshen, the campaign compromises telecommunications, financial and retail organizations using the same evasion-focused tradecraft.
Lotus Panda Uses Sagerunex to Target Multiple Verticals
Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex
Verticals Targeted: Government, Telecommunications, Media, Manufacturing
Silver Fox Targeting Medical Devices
Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT
Related Families: ValleyRAT
Verticals Targeted: Medical
Executive Summary
Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.
Chinese Threat Actors Using BadIIS to Manipulate SEO
Feb 14, 2025 1:01:25 PM / by The Hivemind posted in Threat Bulletin, China, BadIIS, SEO manipulation, DragonRank
Verticals Targeted: Government, Education, Technology, Telecommunications
Executive Summary
Chinese threat actors were recently observed using BadIIS to manipulate SEO and direct victims to illegal gambling sites.
Evasive Panda Uses SSH Backdoor to Target Network Devices
Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr
Salt Typhoon Targets Telecoms With GhostSpider
Dec 6, 2024 1:33:32 PM / by The Hivemind posted in Threat Bulletin, APT, China, Emerging Threat, Salt Typhoon, GhostSpider
Related Families: Demodex
Verticals Targeted: Telecommunications