Mustang Panda Emerges With New TTPs
Apr 25, 2025 1:46:23 PM / by The Hivemind posted in Threat Bulletin, China, TTPs, Mustang Panda, ToneShell, StarProxy
Verticals Targeted: Government, Military, NGOs
BPFDoor Campaign Targets Asia and Middle East
Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor
Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote
Executive Summary
A newly discovered BPFDoor controller enhances the backdoor’s stealth, targeting Linux and Solaris systems in Asia and the Middle East. Attributed to Red Menshen, this state-sponsored threat compromises critical sectors with advanced evasion techniques.
Lotus Panda Uses Sagerunex to Target Multiple Verticals
Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex
Verticals Targeted: Government, Telecommunications, Media, Manufacturing
Silver Fox Targeting Medical Devices
Mar 3, 2025 2:02:05 PM / by The Hivemind posted in Threat Bulletin, China, Evolving Threat, SilverFox, Medical, ValleyRAT
Related Families: ValleyRAT
Verticals Targeted: Medical
Executive Summary
Chinese threat actor Silver Fox was recently observed targeting medical devices in a sophisticated campaign that delivers multiple malware families, including ValleyRAT.
Chinese Threat Actors Using BadIIS to Manipulate SEO
Feb 14, 2025 1:01:25 PM / by The Hivemind posted in Threat Bulletin, China, BadIIS, SEO manipulation, DragonRank
Verticals Targeted: Government, Education, Technology, Telecommunications
Executive Summary
Chinese threat actors were recently observed using BadIIS to manipulate SEO and direct victims to illegal gambling sites.
Evasive Panda Uses SSH Backdoor to Target Network Devices
Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr
Executive Summary
Salt Typhoon Targets Telecoms With GhostSpider
Dec 6, 2024 1:33:32 PM / by The Hivemind posted in Threat Bulletin, APT, China, Emerging Threat, Salt Typhoon, GhostSpider
Related Families: Demodex
Verticals Targeted: Telecommunications
Executive Summary
Salt Typhoon, a China-nexus APT group, was recently observed using the GhostSpider backdoor to target telecommunications companies.
Evasive Panda Updates Its Arsenal
Jul 29, 2024 2:04:16 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Evasive Panda
Related Families: Macma, Suzafk
Verticals Targeted: NGO