Security researchers have detected Chinese hackers targeting network appliances with malware that gives them persistent access and a broad set of capabilities. Researchers at FortiGuard identified the implant as “ELF/SShdinjector.A!tr” and attributed it to the Chinese advanced persistent threat group Evasive Panda, also known as Daggerfly or BRONZE HIGHLAND. The group, active since 2012, focuses on cyberespionage against individuals, government bodies, and organizations, with previous operations targeting entities in Taiwan, Hong Kong, and the Tibetan community. The specific victims of this campaign remain unknown.
FortiGuard has not disclosed the initial access vector, but weak credentials, known unpatched vulnerabilities, or pre-existing infections of the devices are suspected. Evasive Panda installed malware into the SSH daemon of the affected appliances, giving the attackers a wide range of capabilities: retrieving system details, accessing sensitive user data, viewing system logs, transferring files, executing remote commands, operating a remote shell, deleting specific files, and extracting user credentials. The incident follows Evasive Panda’s activity in July 2024, when the group targeted macOS users with an updated version of its Macma malware, reworked after earlier versions had been publicly exposed.
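Whatever mechanism an attacker uses to plant code in the SSH daemon, that code has to be mapped executable inside the sshd process, so one defender-side check is to inspect /proc/&lt;pid&gt;/maps for executable regions a stock sshd should not have. The following is an added example, not code from the article or from FortiGuard; the trusted-directory list is an assumption to adjust per appliance image, and the sample maps text is constructed rather than a real capture.

```python
import re
# Where a stock sshd is expected to map code from (assumption; adjust per appliance image).
TRUSTED_DIRS = ("/usr/sbin/", "/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/")

# /proc/<pid>/maps line layout: "start-end perms offset dev inode [pathname]"
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+\S+\s+\S+\s+\d+\s*(?P<path>.*)$")

def suspicious_exec_mappings(maps_text):
    """Return (reason, path_or_range) for every executable region an untampered sshd
    should not contain. Operates on the text of /proc/<pid>/maps."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m["perms"]:
            continue                      # only executable regions can host implant code
        path, rng = m["path"].strip(), f"{m['start']}-{m['end']}"
        if path.endswith("(deleted)"):
            reason = "executable backed by deleted file"     # loaded, then unlinked from disk
        elif path.startswith("[v"):
            continue                      # [vdso]/[vsyscall] are kernel-provided
        elif path == "" or path.startswith("["):
            reason = "anonymous executable region"           # code with no file behind it
        elif m["perms"].startswith("rwx"):
            reason = "writable and executable file mapping"
        elif not path.startswith(TRUSTED_DIRS):
            reason = "executable outside trusted directories"
        else:
            continue
        findings.append((reason, path or rng))
    return findings

def scan_pid(pid):
    """Apply the check to a live process, e.g. each PID reported by `pidof sshd`."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_exec_mappings(fh.read())
# Constructed sample (not a real capture): a clean sshd plus three planted regions.
SAMPLE_MAPS = """\
55d4c0a00000-55d4c0b00000 r-xp 00000000 fd:01 1234 /usr/sbin/sshd
7f2a00000000-7f2a00200000 r-xp 00000000 fd:01 2345 /usr/lib/x86_64-linux-gnu/libc.so.6
7f2a00400000-7f2a00420000 r-xp 00000000 fd:01 3456 /tmp/example_injected.so (deleted)
7f2a00600000-7f2a00610000 rwxp 00000000 00:00 0
7f2a00800000-7f2a00810000 r-xp 00000000 fd:01 4567 /var/tmp/example_helper.so
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
7ffd00100000-7ffd00102000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for reason, where in suspicious_exec_mappings(SAMPLE_MAPS):
        print(f"{reason}: {where}")
```

On a real appliance, pair this with the vendor's package verification (for example `rpm -V openssh-server` or `dpkg --verify openssh-server`) so that a replaced sshd binary in a trusted directory is caught as well.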
The new Macma variant, a modular macOS backdoor, supports functions such as device identification, command execution, screen capture, keylogging, audio recording, and file exchange on compromised systems. The researchers also described using artificial intelligence to reverse engineer and analyze the malware, acknowledging the tool’s potential while noting some common AI-related challenges. While disassemblers and decompilers have advanced, the researchers said AI-assisted analysis showed superior capabilities and praised the progress made in this field.
Via BleepingComputer, which also covers the Chinese hackers’ targeting of Mac users with the advanced Macma malware.