Evasive Panda Uses Malware From Two Chinese Speaking Groups

APT Groups Exploiting EastWind Campaign to Target Governments and Enterprises

Evasive Panda Uses Malware From Two Chinese-Speaking Groups

Researchers at ESET have uncovered a campaign by the APT group Evasive Panda that exploited update channels of the open-source software Apache Tomcat.

Chinese Malware in EastWind Campaign

Notably, the EastWind campaign bore traces of malware from two different Chinese-speaking groups.

Thus, malware from two different Chinese-speaking groups was spotted in EastWind.

The presence of malware from multiple groups suggests that the EastWind campaign may have been a collaboration between different APT groups or that the malware was shared among them.

Targeted Cyberattacks Since End of 2022

The Evasive Panda campaign is just one of several targeted cyberattacks that have been detected since the end of 2022.

In December, Cisco Talos discovered a malicious campaign that compromised a Taiwanese government-affiliated organization.

The campaign used a combination of techniques, including phishing emails, malicious documents, and web shells, to gain access to the organization's network.

Protecting Against APT Attacks

Organizations can take several steps to protect themselves against APT attacks:

• Implement strong security measures, such as firewalls, intrusion detection systems, and antivirus software.
• Educate employees about social engineering and phishing attacks.
• Regularly patch software and operating systems.
• Monitor networks for suspicious activity.
• Have a response plan in place in case of an attack.

By taking these steps, organizations can reduce their risk of being targeted by APT groups.