The Chinese advanced persistent threat group known as Daggerfly [1], also tracked by Symantec as Evasive Panda or Bronze Highland, has been active for over a decade [2] [3], targeting organizations and individuals globally with a variety of attack techniques [3].
Description
The group utilizes a modular malware development framework to create threats for Windows [3], Linux [1] [2] [3], macOS [1] [2] [3] [5], and Android [2] [3]. Recent updates to its malware toolkit have enhanced its espionage capabilities, introducing new versions of its malware [5], including a new family based on the MgBot framework and a new version of the Macma macOS backdoor [5]. Recent attacks have involved previously unseen plugins for MgBot, the ability to Trojanize Android APKs [2], intercept SMS and DNS requests [2], and target Solaris OS [2]. The group also employs the Windows backdoor Suzafk for command and control. Updates to the Macma malware variants have been observed, with modifications to the main module and existing functionalities to improve functionality and fix bugs, enhancing the quality of data harvested from infected computers [4]. Clues linking Macma to Daggerfly have been found [4], such as connections to a command-and-control server used by an MgBot dropper and shared code with other Daggerfly tools [4], suggesting that Macma is part of the Daggerfly toolkit [4].
Conclusion
The activities of Daggerfly pose significant risks to organizations and individuals globally. It is crucial for cybersecurity professionals to remain vigilant and implement robust security measures to mitigate the threat posed by this advanced persistent threat group. As Daggerfly continues to evolve and enhance its malware capabilities, it is essential for security experts to stay informed and adapt their defenses accordingly to protect against future attacks.
References
[1] https://www.darkreading.com/threat-intelligence/china-evasive-panda-apt-spies-taiwan-targets-across-platforms
[2] https://www.infosecurity-magazine.com/news/chinese-group-malware-target-os/
[3] https://www.443news.com/2024/07/chinese-apt-group-daggerfly-revamps-malware-toolkit-with-new-backdoors/
[4] https://duo.com/decipher/daggerfly-apt-group-attacks-showcase-updated-tools
[5] https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset