Chinese APT Group Using DNS Poisoning for Espionage

Posted: Tue Aug 06, 2024 2:13 pm
by rbc
A state hacking group that's been linked to Chinese cyberespionage infected an internet service provider to redirect software update connections to an attacker server that downloaded malware, say security researchers.

Security firm Volexity uncovered the campaign, attributing it to a threat group it tracks as StormBamboo. The group, also known as Evasive Panda, downloaded the Macma backdoor onto victims. The Symantec Threat Hunter Team recently attributed Macma to a group it tracks as Daggerfly, a likely state-backed threat actor that targeted pro-democracy activists in Hong Kong (see: Chinese Cyberespionage Group Expands Malware Arsenal).
[...]
Chinese APT Group Using DNS Poisoning for Espionage