The Panda threat group, best known for launching the widespread and successful 2018 “MassMiner” cryptomining malware campaign, has continued to use malware to mine cryptocurrency in more recent attacks. A fresh analysis of the group reveals Panda has adopted a newly-updated infrastructure, payloads and targeting.
While considered unsophisticated, researchers warn that the threat group has a wide reach and has attacked organizations in banking, healthcare, transportation and IT services. So far, researchers estimate that Panda has made away with more than $100,000 in Monero – and with attacks as recently as August 2019, the threat group isn’t ceasing its activities anytime soon, they said.
“Panda’s willingness to persistently exploit vulnerable web applications worldwide, their tools allowing them to traverse throughout networks, and their use of RATs, means that organizations worldwide are at risk of having their system resources misused for mining purposes or worse, such as exfiltration of valuable information,” said Christopher Evans and David Liebenberg with Cisco’s Talos research team.
Though harboring unsophisticated payloads, the Panda threat group has updated its tactics – from targets to infrastructure – and successfully mined hundreds of thousands of dollars using cryptomining malware.