Chinese state-sponsored hacking group Daggerfly, also known as Evasive Panda and Bronze Highland, has leveraged an updated version of the MACMA macOS malware, as well as the new Nightdoor backdoor, also known as Suzafk and NetMM, in attacks against Taiwanese organizations and a China-based U.S. non-governmental organization, The Hacker News reports.
Aside from having similar source code as the MgBot malware associated with Daggerfly, MACMA also established a connection with a command-and-control server previously leveraged by a MgBot dropper, a report from Symantec's Threat Hunter Team showed. On the other hand, Nightdoor has been previously deployed in attacks against Tibet since September. "Daggerfly appears to be capable of responding to exposure by quickly updating its toolset to continue its espionage activities with minimal disruption," said researchers. Such a development follows China's National Computer Virus Emergency Response Center's assertions that the Volt Typhoon hacking operation was not supported by the Chinese government and is only part of the U.S.'s misinformation campaign.