Chinese hacker group Deep Panda that hit several global firms is back

By IANS | Updated: April 2, 2022 23:10 IST

New Delhi, April 2 A Chinese hacker group known as 'Deep Panda' that went into hibernation after attacking global entities some years ago, including in India, is back in action.

Deep Panda has launched new attacks against the finance, travel and cosmetics industries since last month, exploiting the Log4Shell open-source software vulnerability to deploy the new Fire Chili rootkit.

During the past month, FortiGuard Labs researchers detected a campaign by a Chinese advanced persistent threat (APT) hacking group that has been active for at least a decade, targeting government, defence, healthcare, telecom, and financial organisations for data theft and surveillance.

Following exploitation, Deep Panda deployed a backdoor on the infected machines.

"Following forensic leads from the backdoor led us to discover a novel kernel rootkit signed with a stolen digital certificate. We found that the same certificate was also used by another Chinese APT group, named Winnti, to sign some of their tools," the researchers said in a blog post.

The team attributed a series of opportunistic Log4Shell infections from the past month to Deep Panda.

"Though previous technical publications on Deep Panda were published more than half a decade ago, new findings relate to a more recent report about the Milestone backdoor, which shows that their operations have continued throughout all these years," the researchers noted.

Amid heightened border tensions between India and China, cybersecurity researchers last year revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups.

The attacks, which coincided with the standoff between the two nations in May 2020, targeted a total of 12 firms, 10 of which were in the power generation and transmission sector.

According to a report in Recorded Future, the victims included a power plant run by National Thermal Power Corporation (NTPC) Limited and New Delhi-based Power System Operation Corporation Limited.

Investigators from the cybersecurity firm's Insikt Group revealed the malware deployed by the threat actor shared similar infrastructure with other Chinese groups APT41 (Winnti or Wicked Panda) and Tonto Team.

FortiGuard said that although both Deep Panda and Winnti are known to use rootkits as part of their toolset, "Fire Chili is a novel strain with a unique code base different from the ones previously affiliated with the groups".

"The reason these tools are linked to two different groups is unclear at this time," they noted.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor
