In Taiwan, the government structure and religious organization were recently targeted by the Hacker Evasive Panda group linked to China. The attackers utilized a new set of CloudScout tools to compromise cloud services, as reported by ESET specialists. CloudScout works by using stolen session cookies from web browsers to gain access to cloud data and is integrated with the harmful platform Mgbot, commonly used by Evasive Panda for their attacks.
The cyber attacks occurred between May 2022 and February 2023 and consisted of 10 modules in C#, with three modules specifically designed to steal data from Google Drive, Gmail, and Outlook. The remaining modules’ purposes are still unknown.
The Evasive Panda group, also known as Bronze Highland, Daggerfly, and Stormbamboo, is notorious for targeting entities in Taiwan and Hong Kong, often exploiting vulnerabilities in the supply chain and DNS substitution methods. Their targets include the Tibetan diaspora and other specific groups.
The CloudScout modules enable the interception of session cookies for unauthorized entry into cloud services. Each module is linked through a C++ plugin for Mgbot. The foundation of CloudScout lies in the Commonutilities package, which contains unique libraries for HTTP checks and control. These libraries offer greater flexibility compared to publicly available solutions.
The data gathered by the attackers, such as emails, financial information, and various documents, are stored in ZIP files for further transmission through MGBOT or NightDoor.
As per ESET researchers, the implementation of new security measures by Google, like Device Bound Session Credentials and App-Bound Encryption, can significantly mitigate the impact of such cyber strikes using CloudScout.
In the age of digitalization, even the most secure systems are susceptible to targeted cyber attacks. Hacker groups are continuously enhancing their techniques to bypass existing security protocols, emphasizing the need for constant vigilance and the implementation of multi-layered data protection strategies by organizations.