Evasive Panda

Threat Actor Profile Updated 25 days ago
Evasive Panda, also tracked as BRONZE HIGHLAND and Daggerfly, is a cyberespionage group assessed to be aligned with China. Since at least September 2023 it has run a campaign against Tibetans worldwide, with affected systems observed in Taiwan, Hong Kong, Australia, and the United States. The group fields custom implants, most notably the MgBot backdoor and its toolkit of plugin modules, the Nightdoor backdoor, and a macOS downloader component, and stages them on servers it acquired for its command-and-control (C&C) infrastructure.

The campaign combined watering-hole and supply-chain tradecraft. The group exploited the Monlam Festival, a major Tibetan Buddhist event, by compromising websites associated with it, including that of the Kagyu International Monlam Trust, and used those sites to deliver malicious payloads to attendees and to Tibetan communities globally. In parallel it trojanized official installer packages from a software company, so that users who fetched what looked like legitimate installers received the implants. The payloads included the previously undocumented Nightdoor backdoor, which has also been seen on several networks in East Asia, alongside a mix of known and previously unknown downloaders, droppers, and backdoors.

ESET reported this activity and attributed it to the Evasive Panda APT group with high confidence. The attribution rests on the malware involved: MgBot, which has only ever been observed in Evasive Panda operations, and Nightdoor. The group's combination of long-lived custom tooling with the compromise of trusted distribution channels (event websites and vendor installers) is what makes it a serious threat to the communities it targets.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description

Bronze Highland (4 votes): Bronze Highland, also known as Evasive Panda and Daggerfly, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group has been observed conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. It targets no

Daggerfly (4 votes): DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group primarily conducts cyber espionage operations against individuals in mainland China, Hong Kong, Macao, and Nigeria, as well as
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Malware
Windows
Backdoor
ESET
Evasive
Downloader
Chinese
Espionage
AitM
Associated Malware
ID (type, votes): Profile description

MgBot (type unspecified, 4 votes): MgBot is a sophisticated malware used exclusively by the threat actor group known as Evasive Panda. This malicious software, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computer systems without the user's knowledge. Once inside, M

Nightdoor (type unspecified, 3 votes): Nightdoor is a complex and malicious software (malware) that was introduced in 2020 by the Evasive Panda Advanced Persistent Threat (APT) group, which is linked to China. This malware communicates with a command-and-control server to issue commands, upload data, and create a reverse shell, effective
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Evasive Panda threat actor was read from the documents corpus below. This display is limited to 20 results.

Source (created): Title

ESET (a year ago): Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
CERT-EU (a year ago): Chinese Cyberspies Delivered Malware via Legitimate Software Updates
CERT-EU (a year ago): Chinese Cyberspies Delivered Malware via Legitimate Software Updates | IT Security News
CERT-EU (3 months ago): APT attacks taking aim at Tibetans – Week in security with Tony Anscombe
CERT-EU (3 months ago): China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading (a year ago): Supply Chain Attack Defense Demands Mature Threat Hunting
CERT-EU (a year ago): Cyber security week in review: April 28, 2023
CERT-EU (3 months ago): Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor
CERT-EU (3 months ago): China State-Sponsored Spies Hack Site and Target User Systems in Asia
InfoSecurity-magazine (a year ago): Evasive Panda's Backdoor MgBot Delivered Via Chinese Software Updates
CERT-EU (a year ago): Chinese APT Group Hijacks Software Updates for Malware Delivery | IT Security News
CERT-EU (3 months ago): Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (a year ago): Novel macOS malware leveraged in BlueNoroff attacks
DARKReading (3 months ago): China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
ESET (4 months ago): NSPX30: A sophisticated AitM-enabled implant evolving since 2005
DARKReading (a year ago): China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor
CERT-EU (3 months ago): Chinese Panda APT Hacking Websites To Infect Windows And MacOS Users
Checkpoint (a year ago): 1st May – Threat Intelligence Report - Check Point Research
CERT-EU (3 months ago): Evasive Panda leverages Monlam Festival to target Tibetans