Related Families: Demodex
Verticals Targeted: Telecommunications
Salt Typhoon Targets Telecoms With GhostSpider
Dec 6, 2024 1:33:32 PM / by The Hivemind posted in Threat Bulletin, APT, China, Emerging Threat, Salt Typhoon, GhostSpider
Evasive Panda Updates Its Arsenal
Jul 29, 2024 2:04:16 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Evasive Panda
Related Families: Macma, Suzafk
Verticals Targeted: NGO
Executive Summary
Evasive Panda recently updated its arsenal with new TTPs and updated versions of existing malware. The group was also observed using a shared framework for malware targeting Windows, Linux, macOS, and Android systems.
BloodAlchemy Targeted Government Entities in Asia
Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy
Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government
Cuttlefish Targeting SOHO Routers
May 10, 2024 2:07:32 PM / by The Hivemind posted in Threat Bulletin, China, Cuttlefish, HiatusRat, SOHO routers
Related Families: HiatusRat
Verticals Targeted: Telecommunications, Various
Executive Summary
Cuttlefish is a recently discovered modular malware platform observed targeting networking equipment, including enterprise-grade SOHO routers.
Evasive Panda's Nightdoor Backdoor
Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot
Related Families: MgBot
Executive Summary
Evasive Panda was recently observed targeting Tibetans using a combination of strategic web compromise and supply chain attacks to deliver Nightdoor.
Mustang Panda Used DOPLUGS PlugX Variant to Target Asia
Mar 1, 2024 12:24:02 PM / by The Hivemind posted in Threat Bulletin, China, Asia, APAC, DOPLUGS, Mustang Panda, SMUGX
Related Families: KillSomeOne, PlugX, Hodur, REDDELTA
Executive Summary
Mustang Panda was observed leveraging DOPLUGS to target entities in Asia. DOPLUGS is a custom PlugX variant.
Volt Typhoon's KV-Botnet
Jan 22, 2024 1:38:21 PM / by The Hivemind posted in Threat Bulletin, APT, Critical Infrastructure, China, Linux, Volt Typhoon, KV-Botnet
Verticals Targeted: Government
Executive Summary
Volt Typhoon was observed compromising Cisco RV325 devices with KV-Botnet.
The Evolution of BPFDoor
Jul 28, 2023 2:38:39 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Red Menshen, BPFDoor