Daggerfly: Espionage Group Makes Major Update to Toolset
Essential information
- Published: 23/07/2024 13:42
- Modified: 23/07/2024 14:15
- Tags: 2024-07-23 dazzlespy macma mgbot
- Related entities: 1 vulnerabilities (cve), 20 observables, 1 intrusion sets (apt), 19 techniques (mitre), 5 malware, 4 others
Description
An advanced persistent threat (APT) group, known as Daggerfly or Evasive Panda, has significantly updated its malware arsenal. The group has introduced new versions of its modular backdoor framework MgBot for multiple platforms, including Windows, Linux, macOS, and Android. Symantec researchers have also attributed the previously documented Macma macOS backdoor to Daggerfly based on shared code and infrastructure. Additionally, a new Windows backdoor named Suzafk has been identified as part of Daggerfly's toolkit. Recent attacks targeting organizations in Taiwan, a US NGO based in China, and telecoms operators in Africa demonstrate the group's continued espionage activities.