Evasive Panda Targets Tibet With Trojanized Software

07-Mar-24

A sophisticated cyber-espionage campaign by the China-aligned APT group Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) has been observed targeting Tibetans across various countries and territories. According to a technical write-up published by ESET researchers today, the attackers strategically leveraged the Monlam Festival, a significant religious gathering, to target individuals associated with Tibetan Buddhism.



By compromising the festival organizer’s website, they orchestrated a watering hole attack, specifically targeting users connecting from specific networks. This tactic involved injecting malicious code into the website, leading visitors to unwittingly download trojanized software.



“In addition to this, the attackers also abused the same website and a Tibetan news website called Tibetpost – tibetpost[.]net – to host the payloads obtained by the malicious downloads, including two full-featured backdoors for Windows and an unknown number of payloads for macOS,” ESET wrote

Read More…