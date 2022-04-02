New Delhi: 'Deep Panda', a Chinese hacker group that went quiet some years ago after attacking organisations around the world, including in India, is reportedly back in action. Since last month Deep Panda has launched new attacks against the finance, travel and cosmetics industries, exploiting the Log4Shell vulnerability in the open-source Apache Log4j logging library to deploy a new kernel rootkit named Fire Chili.

During the past month, FortiGuard Labs researchers detected a campaign by a Chinese advanced persistent threat (APT) group that has been active for at least a decade, targeting government, defence, healthcare, telecom and financial organisations for data theft and surveillance. After exploiting Log4Shell, Deep Panda deployed a backdoor on the compromised machines.

"Following forensic leads from the backdoor led us to discover a novel kernel rootkit signed with a stolen digital certificate. We found that the same certificate was also used by another Chinese APT group, named Winnti, to sign some of their tools," the researchers said in a blog post.

The team attributed a series of opportunistic Log4Shell infections from the past month to Deep Panda. “Though previous technical publications on Deep Panda were published more than half a decade ago, new findings relate to a more recent report about the Milestone backdoor, which shows that their operations have continued throughout all these years,” the researchers noted.

