Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit - #Daggerfly
The cyber espionage group tracked as StormBamboo, also known as Evasive Panda, Daggerfly, and Bronze Highland, has carried out a series of sophisticated attacks in which it compromised an Internet service provider (ISP) in order to manipulate DNS responses and deliver malware through software update channels. Active since at least 2012, the group primarily targets macOS and Windows systems with malware families such as MACMA (macOS) and POCOSTICK, also known as MGBot (Windows). Its tactics include DNS poisoning, abuse of insecure software update mechanisms (update checks that are fetched over unauthenticated channels and installed without validating the payload, so a poisoned DNS answer is enough to substitute a malicious update), and deployment of malicious browser extensions to steal sensitive data. Volexity researchers discovered and reported multiple instances of these attacks; the affected ISP subsequently mitigated the threat by rebooting and updating its network components, after which the DNS poisoning stopped. Separately, Evasive Panda has introduced a new toolset named CloudScout that exfiltrates data from cloud services by replaying stolen web session cookies, which lets the operators access a victim's cloud accounts without needing the password or a second factor. Together these developments reflect the group's evolving capabilities and its continued focus on cyber espionage against a range of targets, including organizations in Asia and Africa.