Evasive Panda scouting cloud services
Essential information
- Published
- 28/10/2024 20:14
- Modified
- 29/10/2024 13:28
- Tags
- 2024-10-28 apt china cloud services cloudscout cookie theft cyberespionage mgbot nightdoor taiwan
- Related entities
- 17 observables, 1 intrusion sets (apt), 18 techniques (mitre), 3 malware, 3 others
Description
CloudScout is a post-compromise toolset used by Evasive Panda to target a Taiwanese government entity and religious organization between 2022 and 2023. The toolset can retrieve data from various cloud services using stolen web session cookies. It works with MgBot, Evasive Panda's malware framework, through a plugin. Three CloudScout modules were analyzed, targeting Google Drive, Gmail, and Outlook. The modules are deployed by MgBot plugins and use stolen cookies to access and exfiltrate cloud data. CloudScout's design includes a common architecture across modules and a core CommonUtilities package. The toolset demonstrates Evasive Panda's technical capabilities and focus on cloud-stored data in espionage operations.