Summary: A Chinese hacking group known as Evasive Panda has exploited network appliances by injecting malware into the SSH daemon for ongoing covert operations. The attack suite, named “ELF/Sshdinjector.A!tr,” has been active since mid-November 2024 and enables a comprehensive range of malicious activities. Fortinet has documented the infection chain and emphasizes that its systems already provide protection against this malware.
Affected: Network appliances
Key points:
- The malware is injected into the SSH daemon, allowing for persistent access and various malicious actions.
- Fifteen supported commands include system reconnaissance, credential theft, remote command execution, and file manipulation.
- Fortinet’s AntiVirus service detects this malware as ELF/Sshdinjector.A!tr, ensuring customer protection.