Daggerfly

Threat Actor Profile Updated 13 days ago
Daggerfly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group primarily conducts cyber espionage against individuals in mainland China, Hong Kong, Macao, and Nigeria, as well as specific organizations in these regions. Daggerfly shares similarities with other Chinese intrusion sets, including APT41, Mustang Panda, Tonto Team, and Dark Pink; these groups have increasingly used DLL side-loading (T1574.002) to load their malware onto targeted machines.

Between November 2022 and April 2023, Daggerfly ran a significant cyber espionage campaign against an African telecommunications organization. This targeting aligns with another intrusion set, Gallium (aka Alloy Taurus), which notably targeted telecommunications entities in the Middle East during the SoftCell campaign. Both Gallium and Daggerfly share similarities with APT10 and APT41, indicating potential coordination or shared tactics, techniques, and procedures (TTPs) among these threat actors.

More recently, Daggerfly has expanded its targeting globally, launching a cyber espionage campaign against Tibetans, as reported on March 8, 2024. This operation demonstrates the group's ongoing evolution and expanding geopolitical interests. Daggerfly's activities overlap with those of APT41, a cybercriminal and espionage group identified by Google Mandiant, further underscoring the complexity and interconnectedness of these threat actors.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following overlapping names and profiles may also be relevant.
ID | Votes | Profile Description
Evasive Panda | 4 | Evasive Panda, also known as BRONZE HIGHLAND and Daggerfly, is a threat actor group believed to be aligned with China. This group has been involved in a series of cyberespionage campaigns targeting Tibetans globally, starting from September 2023 or earlier. The group's operations have impacted syste
Bronze Highland | 4 | Bronze Highland, also known as Evasive Panda and Daggerfly, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group has been observed conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. It targets no
APT41 | 2 | APT41, also known as Winnti, Wicked Panda, Barium, Suckfly, Earth Freybug, and Daggerfly, is a sophisticated threat actor attributed to China that has been active since at least 2012. The group targets organizations across various sectors including public administration, professional services, scien
Miscellaneous Associations
Other contextual elements that may help in assessing relevance:
Apt
Evasive
Malware
Espionage
Backdoor
Associated Malware
ID | Type | Votes | Profile Description
Mgbot | Unspecified | 2 | MgBot is a sophisticated malware used exclusively by the threat actor group known as Evasive Panda. This malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computer systems without the user's knowledge. Once inside, M
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Daggerfly threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | a year ago | Daggerfly Cyberattack Campaign Strikes African Telecom Providers | IT Security News
CERT-EU | a year ago | Novel macOS malware leveraged in BlueNoroff attacks
CERT-EU | 8 months ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
CERT-EU | a year ago | Alibaba Cloud's PostgreSQL databases impacted by critical bugs
CERT-EU | a year ago | Cyber security week in review: April 21, 2023
InfoSecurity-magazine | 10 months ago | Ukraine's CERT-UA Exposes Gamaredon's Rapid Data Theft Methods
InfoSecurity-magazine | a year ago | Evasive Panda's Backdoor MgBot Delivered Via Chinese Software Updates
DARKReading | a year ago | China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor
CERT-EU | 2 months ago | Chinese Panda APT Hacking Websites To Infect Windows And MacOS Users
CERT-EU | 2 months ago | Evasive Panda leverages Monlam Festival to target Tibetans
ESET | a year ago | Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
InfoSecurity-magazine | 2 months ago | Evasive Panda Targets Tibet With Trojanized Software
CERT-EU | 2 months ago | China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | a year ago | Cyber security week in review: April 28, 2023
CERT-EU | 2 months ago | Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor
CERT-EU | a year ago | Chinese Cyberspies Delivered Malware via Legitimate Software Updates
CERT-EU | 2 months ago | Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading | 2 months ago | China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks