Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023.
The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor.
The findings come from ESET, which said the attackers compromised at least three websites to carry out watering-hole attacks as well as a supply-chain compromise of a Tibetan software company. The operation was discovered in January 2024. Evasive Panda, active since 2012 and also known as Bronze Highland and Daggerfly, was previously disclosed by the Slovak cybersecurity firm in April 2023 as having targeted an international non-governmental organization (NGO) in Mainland China with MgBot.