A China-linked APT group, Evasive Panda, conducted targeted cyber espionage campaigns using DNS poisoning to deliver the MgBot backdoor. The group has used advanced techniques to evade detection and maintain persistence on victim systems. #EvasivePanda #MgBot
Key points
- Evasive Panda has been active since at least 2012, conducting sophisticated DNS poisoning attacks.
- The threat group targets victims in Türkiye, China, and India through adversary-in-the-middle (AiTM) techniques.
- They use fake software updates from popular services to distribute malware like MgBot and other payloads.
- The malware can harvest data, record audio, steal credentials, and maintain long-term stealthy operations.
- The group employs complex encryption and stealth tactics, such as custom algorithms and dynamic payloads, to evade detection.
Read More: https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html