Cybersecurity researchers have profiled a hacking crew named Panda believed to have amassed roughly $90,000 worth of cryptocurrency via remote access tools (RATs) and illicit mining malware.
The Cisco Talos Intelligence Group noted that while Panda isn't exactly sophisticated, it has persisted as one of the internet's most active attackers in recent years.
Talos researchers highlighted the group's willingness to continuously exploit vulnerable web applications worldwide as key to its success. By October last year, a configuration file featured in Panda malware had been downloaded more than 300,000 times.
"They also frequently update their targeting, using a variety of exploits to target multiple vulnerabilities, and is quick to start exploiting known vulnerabilities shortly after public POCs become available, becoming a menace to anyone slow to patch," said the firm.
Panda was first detected in mid-2018 during the wildly successful MassMiner campaign. This was powered by a worm which leveraged multiple in-built exploits, and even brute-forced access to Microsoft SQL servers, to mine the alternative cryptocurrency Monero (XMR).
Now, Panda reportedly utilizes Mimikatz, an open-source program for stealing sensitive information from compromised systems, such as usernames and passwords.
Researchers also found Panda operates with exploits previously used by Shadow Brokers, a hacking crew that gained its reputation by publishing information taken from the US National Security Agency.
To date, Talos has confirmed that Panda has hit organizations in the banking, transportation, telecommunications, IT services, and healthcare industries.
Whoever is behind Panda doesn't really care too much about operational security. For example, the group got its name as one related domain had been registered to a Chinese-speaking actor who went by the name Panda.
An analyzed malware sample also requested data using an IP geolocation service which provided the machine's IP address and location in Chinese.
Even more curious, Talos analysts found Panda had been exploiting a vulnerability in the ThinkPHP web framework to spread its malware. Researchers report this software is particularly popular in China.
"Panda's operational security remains poor, with many of their old and current domains all hosted on the same IP and their TTPs remaining relatively similar throughout campaigns," wrote the firm. "The payloads themselves are also not very sophisticated."
Still, Panda's efforts are said to have generated around 1,215 XMR in profits, which today is worth around $90,000, but the exact amount earned depends on when they sold their cryptocurrency.
That's one prolific hacking panda.
Published September 18, 2019 12:12 UTC