Nightdoor

Malware updated 2 months ago (2024-07-23T12:17:42.411Z)
Nightdoor is a complex piece of malware attributed to the Evasive Panda APT group, a China-linked cyber-espionage team known for its diverse attack vectors and focus on surveillance of individuals and organizations in Asia and Africa. The malware was introduced by the group in 2020 and has been used alongside another piece of malicious software, MgBot, which is exclusively deployed by Evasive Panda. Nightdoor communicates with a command-and-control server, through which commands are issued, data is uploaded, and a reverse shell is created, effectively turning the victim's machine into an open book.

The Evasive Panda group has been targeting Tibetans using the Nightdoor backdoor, leveraging it as part of a larger collection of tools for its operations. The group's arsenal includes known and unknown tools, including downloaders, droppers, and backdoors such as MgBot and Nightdoor. These tools have been used to target several networks in East Asia, indicating the group's geographical focus.

ESET researchers first identified Nightdoor earlier this year, highlighting its technical significance due to its complexity. The malware has been deployed against visitors from specific global geographies, who are infected with droppers and backdoors, including Nightdoor and MgBot. Despite the complexity and variety of these attacks, it remains uncertain what specific information the threat actors are seeking.
Description last updated: 2024-07-23T12:16:01.045Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Windows
Evasive
Malware
Eset
Apt
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Mgbot | Unspecified | 3 | MgBot is a malicious software (malware) used exclusively by the cyber threat group known as Evasive Panda. This malware, along with another custom-made Windows backdoor called Nightdoor, forms part of the group's toolkit for cyber attacks. These tools are typically delivered via malicious downloader |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Evasive Panda | Unspecified | 4 | Evasive Panda, a threat actor group also known as Bronze Highland and Daggerfly, has been identified as a significant cybersecurity threat. This group, believed to be aligned with China, has been deploying custom implants such as MgBot, Nightdoor, and a macOS downloader component, using these tools |
| Daggerfly | Unspecified | 2 | DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since 2012. The group is known for its cyberespionage activities targeting individuals in mainland China, Hong Kong, Macao, and Nigeria. In addition to these |
Source Document References
Information about the Nightdoor Malware was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| Securityaffairs | a month ago | Chinese Daggerfly uses a new version of Macma macOS backdoor |
| DARKReading | a month ago | China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms |
| InfoSecurity-magazine | a month ago | Chinese Espionage Group Upgrades Malware to Target All Major OS |
| BankInfoSecurity | 2 months ago | Chinese Cyberespionage Group Expands Malware Arsenal |
| DARKReading | 6 months ago | China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks |
| CERT-EU | 6 months ago | Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | China State-Sponsored Spies Hack Site and Target User Systems in Asia |
| CERT-EU | 6 months ago | APT attacks taking aim at Tibetans – Week in security with Tony Anscombe |
| CERT-EU | 6 months ago | Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor |
| CERT-EU | 6 months ago | China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 6 months ago | Cyber Security Week in Review: March 8, 2024 |
| InfoSecurity-magazine | 6 months ago | Evasive Panda Targets Tibet With Trojanized Software |
| CERT-EU | 6 months ago | Evasive Panda leverages Monlam Festival to target Tibetans |