Evasive Panda Hack Reveals Urgent Need for Secure Software Updates

A recent cyberattack attributed to the China-linked hacking group Evasive Panda compromised an unnamed internet service provider (ISP), allowing the attackers to deliver malicious software updates to target companies. The attack, reported by Arstechnica, delivered the MgBot and MACMA malware families, which were used to steal sensitive information such as passwords, files, and browser data.

Evasive Panda, also known as Bronze Highland, Daggerfly, and StormBamboo, has been active since at least 2012. Its operations include supply chain and watering hole attacks targeting Tibetan users and an international NGO in Mainland China, as noted by The Hacker News. In this case the attackers abused the ISP’s DNS infrastructure, redirecting user traffic to malicious sites. Volexity, a cybersecurity firm, determined that the attack relied on DNS poisoning and traced the poisoned responses back to the ISP.

The hackers manipulated DNS queries for software update domains, delivering malware to systems using insecure HTTP update mechanisms or lacking proper integrity checks. On macOS devices, they also deployed a malicious Google Chrome extension to exfiltrate browser cookies.

This incident emphasizes the need for developers to use secure HTTPS for software updates and to implement integrity checks on installers. Ensuring robust cybersecurity measures is critical to protecting against such sophisticated attacks.
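As an added example (not code from the article, Volexity, or any affected vendor), the following Go sketch shows the integrity check the previous paragraph calls for: the update client verifies an Ed25519 signature over the installer against a publisher key pinned in the binary, so a response served from a DNS-redirected host is rejected even if it arrives with a signature. The keys, installer bytes, and function names are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UpdateResponse is what the update endpoint returns: installer bytes plus a
// detached signature. Both cross the network, so whoever controls DNS for the
// update domain (as in the ISP compromise above) controls both fields.
type UpdateResponse struct {
	Installer []byte
	Signature []byte
}

// VerifyUpdate accepts an update only if the signature over the installer's
// SHA-256 digest verifies against a publisher key compiled into the client.
// The pinned key never crosses the network, so a redirected server cannot
// produce a valid signature for a tampered installer.
func VerifyUpdate(pinnedPub ed25519.PublicKey, r UpdateResponse) error {
	digest := sha256.Sum256(r.Installer)
	if !ed25519.Verify(pinnedPub, digest[:], r.Signature) {
		return errors.New("signature does not verify against pinned publisher key")
	}
	return nil
}

// signUpdate is the publisher's release step (constructed for this demo).
func signUpdate(priv ed25519.PrivateKey, installer []byte) UpdateResponse {
	digest := sha256.Sum256(installer)
	return UpdateResponse{Installer: installer, Signature: ed25519.Sign(priv, digest[:])}
}

// Scenario models a genuine release followed by a poisoned response signed with
// the attacker's own key. It returns (genuineAccepted, tamperedAccepted).
func Scenario() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(nil)       // publisher key; pub is pinned in the client
	_, attackerPriv, _ := ed25519.GenerateKey(nil) // attacker can sign, but not as the publisher
	genuine := signUpdate(priv, []byte("installer v2.1 (constructed)"))
	tampered := signUpdate(attackerPriv, []byte("installer v2.1 + implant (constructed)"))
	return VerifyUpdate(pub, genuine) == nil, VerifyUpdate(pub, tampered) == nil
}

func main() {
	ok, bad := Scenario()
	fmt.Printf("genuine accepted: %v, tampered accepted: %v\n", ok, bad) // true, false
}
```

A hash published on the same update domain gives no protection here, since the redirected server can serve a matching hash for its own payload; the check has to be anchored in a key the client already holds.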
