Daggerfly

Threat Actor updated 2 months ago (2024-07-23T12:17:44.027Z)
Download STIX
Preview STIX
DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since 2012. The group is known for its cyberespionage activities targeting individuals in mainland China, Hong Kong, Macao, and Nigeria. In addition to these regions, DaggerFly has also targeted specific organizations within China and Hong Kong. The group is part of a larger set of Chinese intrusion sets, including APT41, Mustang Panda, Tonto Team, and Dark Pink, which have increasingly used DLL side-loading techniques to load their malware onto targeted machines. Between November 2022 and April 2023, DaggerFly conducted a significant cyber espionage campaign against an African telecommunications organization. This attack was similar to the one carried out by Gallium (also known as Alloy Taurus), another intrusion set sharing similarities with APT10 and APT41, which targeted telecommunication entities in the Middle East during the SoftCell campaign. DaggerFly's attacks were identified through their use of unique tools such as the MgBot modular malware framework and a new Windows backdoor, dubbed Trojan.Suzafk or Nightdoor, first identified by Eset researchers. In recent years, DaggerFly has expanded its reach, launching a global cyberespionage campaign targeting Tibetans. This was reported in March 2024 by hackread.com, citing Antivirus and Internet Security Solutions provider ESET. The group is also likely behind the previously unattributed Macma backdoor loaded onto iPhone and macOS devices. Symantec has tracked DaggerFly's activities closely, linking them to several significant incidents, including the 2021 Hong Kong Waterhole Attacks and attacks on a telecommunications organization in Africa during 2023.
Description last updated: 2024-07-23T12:16:16.713Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Bronze Highland
5
Bronze Highland, also known as Evasive Panda and Daggerfly, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group conducts cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria, along with specific organizations
Evasive Panda
5
Evasive Panda, a threat actor group also known as Bronze Highland and Daggerfly, has been identified as a significant cybersecurity threat. This group, believed to be aligned with China, has been deploying custom implants such as MgBot, Nightdoor, and a macOS downloader component, using these tools
APT41
2
APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Malware
Evasive
Backdoor
Symantec
Macos
Android
Espionage
Windows
DNS
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
MgbotUnspecified
4
MgBot is a malicious software (malware) used exclusively by the cyber threat group known as Evasive Panda. This malware, along with another custom-made Windows backdoor called Nightdoor, forms part of the group's toolkit for cyber attacks. These tools are typically delivered via malicious downloader
MacMaUnspecified
3
Macma is a malicious software (malware) first detailed by Google's Threat Analysis Group (TAG) in 2021, although it had been in use since at least 2019. Known as OSX.MacMa or simply Macma, this malware is a backdoor designed to exploit macOS systems, and has been frequently employed by the Evasive P
NightdoorUnspecified
2
Nightdoor is a complex malware attributed to the Evasive Panda APT group, a China-linked cyber-espionage team known for its diverse attack vectors and focus on surveillance of individuals and organizations in Asia and Africa. The malware was introduced by the group in 2020 and has been used alongsid
Source Document References
Information about the Daggerfly Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
a month ago
China's Evasive Panda Attacks ISP to Send Malicious Software Updates
Securityaffairs
a month ago
Chinese StormBamboo APT compromised ISP to deliver malware
Securityaffairs
2 months ago
Chinese Daggerfly uses a new version of Macma macOS backdoor
DARKReading
2 months ago
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms
InfoSecurity-magazine
2 months ago
Chinese Espionage Group Upgrades Malware to Target All Major OS
BankInfoSecurity
2 months ago
Chinese Cyberespionage Group Expands Malware Arsenal
CERT-EU
6 months ago
Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
6 months ago
China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
6 months ago
Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor
CERT-EU
6 months ago
Chinese Panda APT Hacking Websites To Infect Windows And MacOS Users
InfoSecurity-magazine
6 months ago
Evasive Panda Targets Tibet With Trojanized Software
CERT-EU
6 months ago
Evasive Panda leverages Monlam Festival to target Tibetans
DARKReading
6 months ago
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
DARKReading
a year ago
China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor
InfoSecurity-magazine
a year ago
Ukraine's CERT-UA Exposes Gamaredon's Rapid Data Theft Methods
CERT-EU
a year ago
My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
CERT-EU
a year ago
Alibaba Cloud's PostgreSQL databases impacted by critical bugs
CERT-EU
a year ago
Chinese Cyberspies Delivered Malware via Legitimate Software Updates
CERT-EU
a year ago
Cyber security week in review: April 21, 2023
InfoSecurity-magazine
a year ago
Evasive Panda's Backdoor MgBot Delivered Via Chinese Software Updates