Nightdoor

Malware updated 11 days ago (2024-10-17T12:04:05.141Z)
Nightdoor is a Windows backdoor attributed to Evasive Panda (also tracked as Daggerfly and StormBamboo), a China-linked cyber-espionage group that has typically focused on surveillance of individuals and organizations in Asia and Africa. The group added Nightdoor to its toolkit in 2020 and deploys it alongside MgBot, a custom malware framework used exclusively by Evasive Panda. Nightdoor communicates with a command-and-control server to receive commands, upload collected data, and open a reverse shell, effectively turning an infected machine into an "open book" for the operators. Evasive Panda has been active in recent years: MgBot was used in attacks against a China-based American NGO and an African telecoms operator in 2023, and in watering-hole attacks in late 2023 that targeted Tibetans. In those attacks Nightdoor was delivered together with MgBot, bundled with legitimate programs and loaded onto newly infected systems. ESET researchers first documented Nightdoor and linked it to Evasive Panda in March 2024; other researchers track the same Windows backdoor under the name Suzafk (also known as NetMM) in their reporting on Daggerfly. Together, Nightdoor and MgBot give the group extensive access to a victim's system, although it remains unclear what specific information the operators are after. The continued deployment of this backdoor underlines the reach and impact of an ongoing cyber-espionage campaign.
Description last updated: 2024-10-17T11:52:53.931Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Windows
Evasive
Malware
Eset
Apt
Associated Malware
Alias | Description | Association Type | Votes
MgBot | The MgBot malware is associated with Nightdoor. MgBot is a custom malware framework known for its use by the cyber-espionage group Daggerfly. Active for at least a decade, Daggerfly has deployed MgBot in various attacks; the framework can uninstall itself, delete files, and collect information about running processes. Notably, both MgBot and | Unspecified | 3
Associated Threat Actors
Alias | Description | Association Type | Votes
Evasive Panda | The Evasive Panda threat actor is associated with Nightdoor. Evasive Panda, also known as StormBamboo and Daggerfly, is a China-linked threat actor group that primarily targets organizations across Asia that are of interest to the Chinese state. The group has been observed deploying custom implants such as MgBot, Nightdoor, and a macOS downloader component, al | Unspecified | 4
Daggerfly | The Daggerfly threat actor is associated with Nightdoor. Daggerfly, also known as Evasive Panda and StormBamboo, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group is known for its use of the custom MgBot malware framework, which it leverages to conduct cyber-espionage activities against indi | Unspecified | 2
Source Document References
Information about the Nightdoor malware was read from the documents corpus below.