Why are Chinese APT groups increasing their global footprint and cyber attacks? - Security Boulevard

For the last couple of weeks, we have been hearing about increased Chinese APT activity in APAC. One of the APT groups involved is Deep Panda (a.k.a. Purple Ghost, Kungfu Kitten), and the countries affected are India, Australia, and Vietnam. Deep Panda is among the older APT groups and has been around in one form or another since 2011. The group was among the first to be trained to target high-value targets and complex installations such as those connected with governments, telecom, defense, and parts of critical infrastructure.


Deep Panda’s primary mission is to snoop on official channels and exfiltrate data of importance to the group’s sponsors. Deep Panda is also known to maintain a very high level of interest in intercepting communication between various government departments, including state secrets and data such as Covid-19 case numbers (it sometimes harvests and transmits terabytes of data to global C&C servers, which is then handed over to a team that sorts the information manually). It has known links with other Chinese APT groups and has collaborated on at least one project with the notorious North Korean APT group Lazarus.

Deep Panda uses a wide array of tools, including multi-phase RATs, and also uses various zero-day exploits to push malware into target networks. Recently we came across many instances of the group trying to infect servers with the Fire Chili rootkit. Deep Panda’s expertise lies in running complex social engineering campaigns to lure multiple victims in the target organization to activate more lines of data intercept ..