Evasive Panda Uses SSH Backdoor to Target Network Devices - #Daggerfly
The Chinese state-sponsored hacking group Evasive Panda, active since 2012, has developed sophisticated tooling for cyber espionage and primarily targets entities in Taiwan and Tibet. Its latest toolset, CloudScout, uses stolen web session cookies to bypass two-factor authentication and access cloud services such as Google Drive, Gmail, and Outlook. In this technique, known as "pass-the-cookie," the attacker replays a cookie from a victim's already-authenticated session, so the service treats the request as legitimate and data can be exfiltrated without the attacker ever authenticating directly. Evasive Panda has also been linked to a subgroup tracked as TAG-112, which compromised Tibetan websites to spread malware. In a separate campaign called Lunar Peek, the group deployed a Linux malware strain, ELF/Sshdinjector.A!tr, against network appliances for data exfiltration. These evolving tactics and tools demonstrate Evasive Panda's growing technical capabilities and its persistent focus on organizations opposing China's interests.
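The pass-the-cookie technique described above succeeds because a web service accepts a valid session cookie regardless of where it comes from. The following Python is an added example, not code from the article or from any of the vendors it cites: it runs a simple replay detector over a few constructed access-log lines (the `ts sid= ip= ua=` format, the session ids and the addresses are all made up for this example) and shows the server-side mitigation of binding a session to the client context observed at login.

```python
"""Detecting and mitigating session-cookie replay ("pass-the-cookie").

Example code added for illustration; the log format, session ids and
IP addresses below are constructed, not taken from the article.
"""
import hashlib
import hmac
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample access log: one request per line.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z sid=abc123 ip=203.0.113.10 ua=Chrome/124 Windows
2024-05-01T09:05:00Z sid=abc123 ip=203.0.113.10 ua=Chrome/124 Windows
2024-05-01T09:07:00Z sid=abc123 ip=198.51.100.7 ua=curl/8.4.0
2024-05-01T09:30:00Z sid=def456 ip=192.0.2.44 ua=Firefox/125 Linux
2024-05-01T11:30:00Z sid=def456 ip=192.0.2.45 ua=Firefox/125 Linux
"""

LOG_RE = re.compile(r"^(\S+) sid=(\S+) ip=(\S+) ua=(.*)$")


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    session_id: str
    src_ip: str
    user_agent: str


def parse_log(text: str) -> list[AccessEvent]:
    """Parse the constructed log format into AccessEvent records."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        events.append(AccessEvent(ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_session_replay(events, ip_window=timedelta(minutes=30)):
    """Return (session_id, severity, reason) findings.

    A user-agent change under the same cookie is a strong replay signal.
    A source-IP change inside a short window is a weaker one, since
    mobile roaming also changes addresses over longer periods.
    """
    by_sid = defaultdict(list)
    for ev in events:
        by_sid[ev.session_id].append(ev)

    findings = []
    for sid, evs in by_sid.items():
        evs.sort(key=lambda e: e.ts)
        agents = {e.user_agent for e in evs}
        if len(agents) > 1:
            findings.append((sid, "high",
                             f"user-agent changed mid-session: {sorted(agents)}"))
        for prev, cur in zip(evs, evs[1:]):
            if prev.src_ip != cur.src_ip and cur.ts - prev.ts <= ip_window:
                findings.append((sid, "medium",
                                 f"source IP {prev.src_ip} -> {cur.src_ip} "
                                 f"within {cur.ts - prev.ts}"))
                break  # one IP finding per session is enough
    return findings


def session_fingerprint(src_ip: str, user_agent: str) -> str:
    """Hash of the client context recorded at login, stored beside the session."""
    return hashlib.sha256(f"{src_ip}|{user_agent}".encode()).hexdigest()


def request_allowed(stored_fp: str, src_ip: str, user_agent: str) -> bool:
    """Reject a request whose cookie is valid but whose context differs from login."""
    return hmac.compare_digest(stored_fp, session_fingerprint(src_ip, user_agent))


if __name__ == "__main__":
    for sid, sev, why in find_session_replay(parse_log(SAMPLE_LOG)):
        print(f"[{sev}] session {sid}: {why}")
```

Over the constructed log, session `abc123` is flagged twice: its user agent switches from a browser to `curl` and its source address changes within two minutes, which is the signature a replayed cookie tends to leave. Session `def456` changes address two hours apart and is left alone. Binding the session to a fingerprint as in `request_allowed` means a copied cookie presented from a different client context is refused; whether to include the full source IP in that fingerprint is a deployment choice, since it trades replay resistance against breaking legitimate roaming users.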