Related Families: MgBot
Evasive Panda's Nightdoor Backdoor
Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot
Mustang Panda Used DOPLUGS PlugX Variant to Target Asia
Mar 1, 2024 12:24:02 PM / by The Hivemind posted in Threat Bulletin, China, Asia, APAC, DOPLUGS, Mustang Panda, SMUGX
Related Families: KillSomeOne, PlugX, Hodur, REDDELTA
Executive Summary
Mustang Panda was observed leveraging DOPLUGS to target entities in Asia. DOPLUGS is a custom PlugX variant.
Volt Typhoon's KV-Botnet
Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet
Verticals Targeted: Government
Executive Summary
Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.
The Evolution of BPFDoor
Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor
Executive Summary
Vixen Panda's Graphican Backdoor
Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican
Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial
Executive Summary
Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.
Volt Typhoon Targets US Critical Infrastructure
Jun 5, 2023 2:07:00 PM / by The Hivemind posted in US, Critical Infrastructure, China, Energy, Volt Typhoon, Guam
Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education
Executive Summary
Volt Typhoon was discovered targeting critical infrastructure entities in the US mainland and Guam. Volt Typhoon maintained stealth throughout this espionage campaign.
Winnti Subgroup Earth Longzhi Uses New TTPs
May 19, 2023 2:28:29 PM / by The Hivemind posted in Threat Bulletin, China, Winnti, TTPs, Stack Rumbling, Earth Longzhi
Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing
Executive Summary
Earth Longzhi, a Winnti subgroup, was recently observed using new TTPs, including a novel technique dubbed stack rumbling.
PingPull Linux Variant
May 8, 2023 3:05:38 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, PingPull, Gallium, RAT, Sword2033
Related Families: Sword2033
Executive Summary
China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.