MgBot, Nightdoor and MACMA – what else did Chinese hackers surprise experts with?
A group of hackers linked to the Chinese government and known as Daggerfly attacked a number of organizations in Taiwan and an American non-governmental organization in China using advanced malware kits.
According to the Symantec research group, Daggerfly is engaged in internal cyber espionage. In one of the most recent attacks, the group exploited a vulnerability in the Apache HTTP server to deliver its MgBot malware.
The Daggerfly group, also known as Bronze Highland and Evasive Panda, has been active since 2012. The group previously used the modular MgBot platform to gather intelligence from telecommunications providers in Africa.
A new Symantec report notes that Daggerfly is able to quickly update its tools to continue its spying activities. Recent attacks are characterized by the use of a new malware family based on MgBot and an improved version of the well-known macOS malware called MACMA.
MACMA, which is capable of collecting confidential information and executing arbitrary commands, has been linked to a specific hacker group for the first time in its activity. SentinelOne's analysis from 2021 showed that MACMA uses code from ELF/Android developers, which indicates the possibility of attacks on devices running the "green robot".
The connection between MACMA and Daggerfly is also confirmed by matching the source code and using common C2 servers. Another new malware in the group's arsenal is Nightdoor, which uses the Google Drive API for C2 and has been used in attacks on Tibetan users since September 2023.
Symantec reports that Daggerfly hackers are able to create variations of their tools for most major operating systems, including Android and even Solaris, using malicious software to intercept SMS and DNS queries.
The continuous improvement of cybercriminals' hacking tools underscores the need for global cooperation in the field of digital protection and raising awareness of cyber threats at all levels of society.
Source
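The post notes that Nightdoor uses the Google Drive API for command and control. Because that API carries plenty of legitimate traffic, blocking the domain is rarely an option; what a defender can look for instead is a non-browser process that calls the Drive API at a suspiciously regular cadence, which is the signature of a beacon polling for tasking. The following Python is an added illustration of that behavioural check written for this page, not code from Symantec or from the malware; the log format, the process names, the browser allow-list and the thresholds are all assumptions, and the log lines are constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (not real telemetry).
# Assumed format: "<ISO timestamp> <host> <process> <URL>"
SAMPLE_LOG = """\
2024-07-24T09:00:00 ws-17 updater.exe https://www.googleapis.com/drive/v3/files?q=name%3D%27cmd%27
2024-07-24T09:05:01 ws-17 updater.exe https://www.googleapis.com/drive/v3/files?q=name%3D%27cmd%27
2024-07-24T09:10:00 ws-17 updater.exe https://www.googleapis.com/drive/v3/files?q=name%3D%27cmd%27
2024-07-24T09:15:02 ws-17 updater.exe https://www.googleapis.com/upload/drive/v3/files?uploadType=media
2024-07-24T09:20:00 ws-17 updater.exe https://www.googleapis.com/drive/v3/files?q=name%3D%27cmd%27
2024-07-24T09:01:13 ws-03 chrome.exe https://www.googleapis.com/drive/v3/files
2024-07-24T09:01:40 ws-03 chrome.exe https://www.googleapis.com/drive/v3/files/abc123?alt=media
2024-07-24T11:47:05 ws-03 chrome.exe https://www.googleapis.com/drive/v3/files
2024-07-24T09:02:00 ws-09 curl.exe https://example.com/
"""

# Drive REST and upload endpoints (real hostnames; version number left flexible).
DRIVE_API = re.compile(r"^https://www\.googleapis\.com/(upload/)?drive/v\d/", re.I)

# Assumed allow-list of processes expected to talk to Drive; tune per environment.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "safari", "googledrivefs.exe"}


def parse_log(text):
    """Parse the constructed log format into (timestamp, host, process, url) tuples."""
    events = []
    for line in text.splitlines():
        ts, host, proc, url = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), host, proc, url))
    return events


def find_drive_beacons(text, min_requests=4, max_cv=0.2):
    """Return {host: {"process", "count", "mean_interval_s"}} for hosts on which a
    non-browser process called the Drive API at a regular interval.

    Regularity is measured with the coefficient of variation (std / mean) of the
    gaps between requests: human-driven traffic is bursty (high CV), a polling
    implant is metronomic (low CV)."""
    by_key = defaultdict(list)
    for ts, host, proc, url in parse_log(text):
        if DRIVE_API.match(url) and proc.lower() not in BROWSERS:
            by_key[(host, proc)].append(ts)

    findings = {}
    for (host, proc), times in by_key.items():
        if len(times) < min_requests:
            continue                      # too few samples to judge cadence
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            findings[host] = {
                "process": proc,
                "count": len(times),
                "mean_interval_s": round(avg, 1),
            }
    return findings


if __name__ == "__main__":
    for host, info in find_drive_beacons(SAMPLE_LOG).items():
        print(f"{host}: {info['process']} hit the Drive API {info['count']} times, "
              f"~{info['mean_interval_s']}s apart")
```

On the sample data only `ws-17` is reported: `updater.exe` polls every five minutes with about a second of jitter, while the browser on `ws-03` is excluded by the allow-list and `curl.exe` on `ws-09` never touches the Drive API. In production the same logic would run over proxy or EDR network telemetry, and the interesting follow-up is the process itself (signing, path, parent) rather than the destination, since the destination is legitimate Google infrastructure.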