Evasive Panda Targets Tibet With Trojanized Software

A sophisticated cyber-espionage campaign by the China-aligned APT group Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) has been observed targeting Tibetans across various countries and territories.
The operation, which has been ongoing since at least September 2023, combines a targeted watering hole attack with a supply-chain compromise involving trojanized installers of Tibetan language translation software.
According to a technical write-up published by ESET researchers today, the attackers strategically leveraged the Monlam Festival, a significant religious gathering, to target individuals associated with Tibetan Buddhism.
By compromising the festival organizer’s website, they orchestrated a watering hole attack aimed at users connecting from specific networks. This tactic involved injecting malicious code into the website, leading visitors to unwittingly download trojanized software.
“In addition to this, the attackers also abused the same website and a Tibetan news website called Tibetpost – tibetpost[.]net – to host the payloads obtained by the malicious downloads, including two full-featured backdoors for Windows and an unknown number of payloads for macOS,” ESET wrote.
The trojanized installers were designed to deploy malicious downloaders, further facilitating the infiltration of victims’ systems.
The security researchers underscored the sophistication of the campaign, noting that Evasive Panda, active since at least 2012, deployed various malicious downloaders and backdoors, including a previously undocumented backdoor for Windows named Nightdoor.
“The attackers fielded several downloaders, droppers, and backdoors, including MgBot – which is used exclusively by Evasive Panda – and Nightdoor: the latest major addition to the group’s toolkit and which has been used to target several networks in East Asia,” reads the advisory.
By exploiting vulnerabilities in both web infrastructure and software supply chains, the attackers aimed to infiltrate networks and compromise targeted individuals. The campaign’s timing, coinciding with the Monlam Festival, suggests a strategic effort to capitalize on increased online activity during this period.
For more detailed information, including Indicators of Compromise (IoCs) and samples, visit the ESET GitHub repository.