Updated malware arsenal leveraged in Chinese Daggerfly attacks

Chinese state-sponsored hacking group Daggerfly, also known as Evasive Panda and Bronze Highland, has leveraged an updated version of the MACMA macOS malware, as well as the new Nightdoor backdoor, also known as Suzafk and NetMM, in attacks against Taiwanese organizations and a China-based U.S. non-governmental organization, The Hacker News reports.

Aside from sharing source code with the MgBot malware associated with Daggerfly, MACMA also established a connection with a command-and-control server previously leveraged by an MgBot dropper, a report from Symantec's Threat Hunter Team showed. Nightdoor, meanwhile, has been deployed in attacks against Tibet since September. "Daggerfly appears to be capable of responding to exposure by quickly updating its toolset to continue its espionage activities with minimal disruption," said researchers. The development follows assertions by China's National Computer Virus Emergency Response Center that the Volt Typhoon hacking operation was not supported by the Chinese government and is only part of the U.S.'s misinformation campaign.
