Date: 2024-03-22



Cybersecurity experts at ESET discovered a malicious campaign targeting Tibetans in many countries by exploiting the website of a religious gathering. The Evasive Panda cyberattacks are associated with an advanced persistent threat (APT) actor linked to China. The development comes a few days after the MoqHao cybersecurity threat, which was also linked to Chinese hackers belonging to Roaming Mantis. The website of the Monlam festival, an annual religious event, was compromised with added malicious code to create a watering hole attack. The target audience of the Evasive Panda cyberattacks was located in Hong Kong, India, Australia, Taiwan and the United States. In this article, we go into detail about the watering hole attacks and supply chain cyberattacks by Evasive Panda, as well as the cyberespionage techniques used by this advanced persistent threat (APT) actor.

Evasive Panda Background

Evasive Panda has been on the scene since 2012. The advanced persistent threat (APT) group is linked to the Chinese government and has carried out several attacks against government entities in the Philippines, Taiwan, Myanmar and Vietnam. These Evasive Panda cyberattacks aligned with China's geopolitical interests.

Cyberespionage techniques by Evasive Panda

The cyberespionage campaign began last September and targets Tibetans with corrupted translation software. This software is compatible with Windows and macOS. In addition to the software, these cyberattacks also involve the compromise of the website of a religious gathering, which takes place every year in India. Researchers were able to link the cyberattacks to China-linked hackers because Evasive Panda's malware tactics matched those of its previous attacks on networks in East Asia. The researchers stated that Evasive Panda's intention was most likely to capitalize on the Monlam festival, which takes place in Bodhgaya, India.

Evasive Panda Cyberattacks Discovered

Tibetan language translation software developed by an Indian software company was also attacked and compromised by Evasive Panda. The end goal of these attacks is to deploy a backdoor called MgBot or Nightdoor via malicious downloaders. ESET cybersecurity experts said at least three websites were attacked and compromised by Evasive Panda attackers with the aim of carrying out supply chain cyberattacks and watering hole attacks. Two executables are used as launching pads for the Evasive Panda cyberattacks: certificate.exe for Windows and certificate.pkg for macOS. These executables help load the Nightdoor implant, which abuses the Google Drive API. The backdoor has the ability to collect information and perform file operations.

Conclusion

Cyberattacks are on the rise and becoming more complex with each passing day, and the Evasive Panda cyberattacks are the latest on the list. Falling prey to such cyberattacks can have drastic consequences, such as reputational and financial damage. Considering this, it is recommended that organizations implement proactive cybersecurity measures to guard against such attacks and improve their security posture.

Sources

1/ https://Google.com/
2/ https://securityboulevard.com/2024/03/evasive-panda-cyber-attacks-threat-actor-targets-tibetans/

