Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

Kaspersky researchers uncovered a sophisticated cyber-espionage campaign by the China-linked APT group Evasive Panda that has used DNS poisoning and custom malware to target victims in Türkiye, China, and India since 2022. The group's use of stealthy loaders and encrypted backdoors such as MgBot shows persistent and evolving tradecraft aimed at evading detection.

Key points

  • Evasive Panda has been active for over a decade, using advanced techniques for cyber espionage.
  • The group used DNS poisoning to redirect update traffic so that its malware was delivered disguised as legitimate software updates.
  • Stealthy loaders and encrypted payloads enable long-term undetected access to targeted systems.
  • The campaign employed multi-stage deployment, including custom loaders and victim-specific implants.
  • Researchers note ongoing evolution in tactics, indicating potential for future campaigns.
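
A poisoned resolver hands out a different answer for an update host than the rest of the world sees, which is something a defender can check for. The script below is an added example and is not code from Kaspersky or from the article: it parses a constructed, simplified DNS log (the hostnames, addresses and log lines are made up, not indicators from the report) and compares answers for watched software-update names against a reference set obtained out of band, and also flags names whose answers drift between lookups in the same log.

```python
"""Detect DNS answers for software-update hosts that diverge from a trusted
reference. Everything here is constructed for illustration: the hostnames,
addresses and log lines are made up and are not indicators from the report."""
import ipaddress

# Constructed log from the site's local resolver, one lookup per line:
#   ts <TAB> client <TAB> qname <TAB> qtype <TAB> rcode <TAB> answers (comma-separated)
LOCAL_RESOLVER_LOG = """\
2024-05-01T08:00:01Z\t10.0.0.15\tupdate.example-vendor.com\tA\tNOERROR\t203.0.113.10
2024-05-01T08:00:04Z\t10.0.0.22\tupdate.example-vendor.com\tA\tNOERROR\t198.51.100.77
2024-05-01T08:00:09Z\t10.0.0.15\tcdn.example-vendor.com\tA\tNOERROR\t203.0.113.20,203.0.113.21
2024-05-01T08:00:12Z\t10.0.0.31\twww.example.org\tA\tNOERROR\t192.0.2.5
2024-05-01T08:00:15Z\t10.0.0.22\tupdate.example-vendor.com\tAAAA\tNOERROR\t2001:db8::1
"""

# Answers for the same names obtained out of band (for example over DNS-over-HTTPS
# to a resolver outside the local network path). Assumed, constructed values.
REFERENCE_ANSWERS = {
    "update.example-vendor.com": {"203.0.113.10", "203.0.113.11", "2001:db8::1"},
    "cdn.example-vendor.com": {"203.0.113.20", "203.0.113.21"},
}


def parse_dns_log(text):
    """Parse the constructed tab-separated log into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, qname, qtype, rcode, answers = line.split("\t")
        records.append({
            "ts": ts,
            "client": client,
            "qname": qname.rstrip(".").lower(),
            "qtype": qtype,
            "rcode": rcode,
            # Normalise addresses so "2001:DB8::1" and "2001:db8::1" compare equal.
            "answers": {str(ipaddress.ip_address(a)) for a in answers.split(",") if a},
        })
    return records


def find_divergent_answers(records, reference):
    """Return one finding per lookup of a watched name whose answer set contains
    an address the reference resolver never returned."""
    findings = []
    for rec in records:
        expected = reference.get(rec["qname"])
        if expected is None or rec["qtype"] not in ("A", "AAAA"):
            continue
        unexpected = rec["answers"] - set(expected)
        if unexpected:
            findings.append({
                "ts": rec["ts"],
                "client": rec["client"],
                "qname": rec["qname"],
                "unexpected": sorted(unexpected),
            })
    return findings


def find_answer_drift(records, watched):
    """Flag watched names whose A answers differ between lookups in the same log,
    which can expose a poisoned cache even without a reference resolver."""
    first_seen = {}
    drift = []
    for rec in records:
        if rec["qname"] not in watched or rec["qtype"] != "A":
            continue
        key = rec["qname"]
        if key in first_seen and first_seen[key] != rec["answers"]:
            drift.append((key, sorted(first_seen[key]), sorted(rec["answers"])))
        first_seen.setdefault(key, rec["answers"])
    return drift


if __name__ == "__main__":
    recs = parse_dns_log(LOCAL_RESOLVER_LOG)
    for f in find_divergent_answers(recs, REFERENCE_ANSWERS):
        print(f"DIVERGENT {f['ts']} client={f['client']} {f['qname']} -> {f['unexpected']}")
    for qname, first, later in find_answer_drift(recs, set(REFERENCE_ANSWERS)):
        print(f"DRIFT {qname}: {first} then {later}")
```

Divergence on its own is not proof of poisoning, since CDNs and GeoDNS legitimately return different addresses to different clients, so treat a hit as a lead to confirm against the resolver's upstream path and the update client's own integrity checks (signature verification on the downloaded update), not as a verdict.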

Read More: https://securityaffairs.com/186213/apt/evasive-panda-cyberespionage-campaign-uses-dns-poisoning-to-install-mgbot-backdoor.html