The Chinese cyberespionage group Evasive Panda, also tracked as Daggerfly, StormBamboo, and Bronze Highland, has targeted Taiwanese organizations with a previously undocumented post-compromise toolset, CloudScout, which reuses web session cookies stolen from victims' browsers to pull data from several cloud services without needing the victims' credentials, The Hacker News reports.
After gaining a foothold through any of several initial access vectors, including vulnerability exploitation and DNS poisoning, Evasive Panda deploys its MgBot and Nightdoor malware. According to ESET's analysis, MgBot is used to load the CloudScout modules, of which ten have been identified; three of them target Google Drive, Gmail, and Microsoft Outlook respectively. The modules package the collected emails and attachments, mail folder listings, and files with selected extensions into a ZIP archive, which MgBot or Nightdoor then exfiltrates, ESET researchers said. The findings follow Canada's disclosure that its government agencies, democratic institutions, defense sector, critical infrastructure, media organizations, and non-governmental organizations have been subjected to a sophisticated reconnaissance campaign attributed to a Chinese state-sponsored actor.