
Inside Evasive Panda’s Long-Running AitM Campaign

Amber | Attack Report

Evasive Panda APT Group Conducts Sophisticated Multi-Year Cyber Espionage Campaign

Evasive Panda, a China-linked Advanced Persistent Threat group active since 2012 and also tracked as Bronze Highland, Daggerfly, Storm Cloud, StormBamboo, TAG-102, TAG-112, and Digging Taurus, has executed a sophisticated, highly targeted cyber espionage campaign leveraging DNS poisoning techniques to deliver its signature MgBot backdoor malware. First observed in November 2022 and continuing through November 2024, this Evasive Panda campaign demonstrates the threat actor’s commitment to long-term intelligence collection operations targeting organizations in Turkey, China, and India across Windows platforms.

The Evasive Panda APT group performed adversary-in-the-middle attacks on specific victims, manipulating DNS responses to redirect legitimate software update requests to attacker-controlled servers. This DNS poisoning campaign by Evasive Panda exploited the trusted software update mechanisms of popular applications, particularly targeting users of the SohuVA streaming application with trojanized updates that closely mimicked legitimate installers. The sophisticated Evasive Panda attack infrastructure enabled threat actors to selectively deploy malicious payloads only to specific environments, maintaining operational security while maximizing espionage effectiveness.

The Evasive Panda campaign employed multi-stage shellcode execution, hybrid encryption using Windows DPAPI and RC5 algorithms, and DLL sideloading techniques to maintain persistent, stealthy access to compromised systems. The MgBot malware used by Evasive Panda runs entirely in memory after being injected into legitimate processes such as svchost.exe using trusted but outdated signed executables. Evasive Panda victims remained compromised for over a year in some cases, demonstrating the threat actor’s sophisticated operational security and commitment to sustained intelligence collection operations against strategic targets.

Attack Details

Evasive Panda APT Group Evolution and Campaign Timeline

The Evasive Panda APT group, also tracked as Bronze Highland, has been active for more than a decade, steadily refining its cyber espionage tradecraft since at least 2012. Analysis conducted in mid-2025 sheds light on a series of highly targeted Evasive Panda campaigns conducted between November 2022 and November 2024, in which the threat group relied heavily on adversary-in-the-middle techniques to compromise victims. These Evasive Panda operations were carefully staged, with malicious loaders deployed only to specific environments and encrypted malware components hosted on attacker-controlled infrastructure, activated selectively through crafted DNS requests that enabled precise targeting.

A notable evolution in these Evasive Panda campaigns is the introduction of a new, highly evasive loader designed to minimize detection during initial infection stages. Evasive Panda has paired this sophisticated loader with hybrid encryption schemes that complicate reverse engineering efforts and produce implants uniquely tailored to each victim environment. Central to this Evasive Panda approach is a custom injector that runs the MgBot malware entirely in memory, sideloading it into legitimate processes using trusted but outdated signed executables. By blending modern techniques with decade-old binaries, the Evasive Panda group maintains a low operational footprint while preserving persistence over extended periods.

Evasive Panda DNS Poisoning and Fake Software Update Delivery

The delivery mechanisms observed in these Evasive Panda attacks lean heavily on deception, particularly through fake software updates for widely trusted applications. In one prominent Evasive Panda campaign, victims were lured with a trojanized update masquerading as a legitimate installer for SohuVA, a popular streaming application in the targeted regions. The malicious executable created by Evasive Panda closely mirrored a genuine update and redirected users to attacker-controlled resources hosted behind domains associated with the real platform, exploiting user trust in familiar software.

While not definitively proven, the evidence suggests Evasive Panda employed DNS poisoning techniques to silently redirect software update requests, exploiting the application’s normal behavior of fetching binaries from predefined directories. This adversary-in-the-middle approach allowed Evasive Panda to intercept legitimate update traffic and substitute malicious payloads without alerting victims or security tools monitoring for traditional malware distribution methods.

Evasive Panda Multi-Stage Execution and Memory-Resident Malware

Once executed, the Evasive Panda malware follows a complex, multi-stage execution flow designed to evade detection. The primary loader used by Evasive Panda, written in C++, resolves Windows APIs dynamically using hashing techniques and decrypts embedded shellcode directly in memory to avoid disk-based detection. The Evasive Panda loader adapts its behavior based on the current user context, performs runtime permission changes to execute payloads quietly, and relies on machine-specific encryption via Windows DPAPI to ensure that secondary components can only be decrypted on the original victim system.

When additional payloads are required, the Evasive Panda malware retrieves them through poisoned DNS responses that in some cases impersonate legitimate websites. The Evasive Panda infrastructure tailors payload delivery based on the detected operating system version, suggesting deliberate differentiation between Windows and macOS implants and demonstrating the threat actor’s capability to conduct cross-platform espionage operations.

Evasive Panda Secondary Loader and MgBot Injection

Further analysis uncovered an Evasive Panda secondary loader disguised as a legitimate Windows DLL, leveraging a signed Python executable to load additional stages covertly. This Evasive Panda loader employs layered encryption using DPAPI combined with RC5, writes encrypted payloads to disk in a victim-specific format, and ultimately injects an MgBot variant into trusted processes such as svchost.exe to maintain stealth and persistence.

Taken together, these findings highlight Evasive Panda’s sustained investment in long-term espionage operations, marked by supply-chain abuse, adversary-in-the-middle and watering-hole techniques, and a carefully maintained command-and-control infrastructure designed to ensure resilience, persistence, and continued access to compromised environments for intelligence collection purposes.

Recommendations

Treat Software Updates as a Security Boundary Against Evasive Panda Attacks

Organizations must not automatically trust software updates, especially from third-party applications that may be targeted by Evasive Panda and similar APT groups. Enforce signature verification for all software updates, restrict automatic updates for non-critical software, and ensure update downloads occur only through secure, monitored channels. Implement application whitelisting and integrity monitoring to detect unauthorized modifications to legitimate software update mechanisms exploited by Evasive Panda campaigns.

Strengthen DNS and Network Protections Against Evasive Panda DNS Poisoning

Implement comprehensive DNS security controls and monitor for abnormal domain resolutions that may indicate Evasive Panda DNS poisoning attacks. Unexpected redirects or unusual IP mappings during software update checks should be investigated immediately as potential adversary-in-the-middle activity characteristic of Evasive Panda operations. Deploy DNS security solutions such as DNSSEC and monitor DNS query logs for anomalous patterns indicating DNS manipulation attempts.

Prioritize Behavioral Detection Against Evasive Panda Memory-Resident Malware

Relying solely on file-based detection is insufficient against in-memory threats deployed by Evasive Panda APT campaigns. Monitor for abnormal DLL sideloading patterns, misuse of signed executables for malicious purposes, and suspicious memory permission changes that indicate stealthy execution of Evasive Panda malware. Deploy behavioral analysis tools capable of detecting process injection techniques, reflective code loading, and other memory-resident malware tactics employed by Evasive Panda threat actors.
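As an added example (not from the advisory) of the behavioral correlation recommended above: flag an old signed executable loading an unsigned DLL from a user-writable directory, then escalate when that same process opens svchost.exe, the injection target named in this report, with memory-write rights. The Sysmon-like event shape, field names, paths, PIDs and signing years are assumptions.

```python
"""Correlate DLL sideloading by an old signed binary with follow-on access to svchost.exe.
Added example, not from the advisory; the Sysmon-like event shape, paths, PIDs and years are assumed."""
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
OLD_SIGNATURE_YEARS = 5        # "trusted but outdated": signed this many years ago or more
INJECT_MASK = 0x0020 | 0x0008  # PROCESS_VM_WRITE | PROCESS_VM_OPERATION

def is_user_writable(path):
    return path.lower().startswith(USER_WRITABLE)

def suspicious_load(ev, now_year):
    """Signed, old executable loading an unsigned DLL from a user-writable path."""
    age = now_year - ev["image_signed_year"]
    return bool(ev["image_signed"] and age >= OLD_SIGNATURE_YEARS
                and not ev["dll_signed"] and is_user_writable(ev["dll_path"]))

def detect_sideload_chain(events, now_year):
    """Return one alert per sideload, plus an 'injection' alert when the same
    process later opens svchost.exe with memory-write rights."""
    loaders, alerts = {}, []
    for ev in events:
        if ev["type"] == "image_load" and suspicious_load(ev, now_year):
            loaders[ev["pid"]] = ev
            alerts.append({"pid": ev["pid"], "stage": "sideload", "dll": ev["dll_path"]})
        elif (ev["type"] == "process_access" and ev["src_pid"] in loaders
              and ev["target_image"].lower().endswith("\\svchost.exe")
              and ev["granted_access"] & INJECT_MASK):
            alerts.append({"pid": ev["src_pid"], "stage": "injection",
                           "dll": loaders[ev["src_pid"]]["dll_path"]})
    return alerts

SAMPLE_EVENTS = [  # constructed
    {"type": "image_load", "pid": 4120,
     "image": "C:\\ProgramData\\Vendor\\update\\python.exe",
     "image_signed": True, "image_signed_year": 2014,
     "dll_path": "C:\\ProgramData\\Vendor\\update\\helper.dll", "dll_signed": False},
    {"type": "image_load", "pid": 5000,
     "image": "C:\\Program Files\\Editor\\editor.exe",
     "image_signed": True, "image_signed_year": 2024,
     "dll_path": "C:\\Program Files\\Editor\\plugin.dll", "dll_signed": True},
    {"type": "process_access", "src_pid": 4120,
     "target_image": "C:\\Windows\\System32\\svchost.exe", "granted_access": 0x1FFFFF},
]

if __name__ == "__main__":
    for alert in detect_sideload_chain(SAMPLE_EVENTS, 2024):
        print(alert)
```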

Enhance Endpoint Protection Against Evasive Panda Long-Term Compromise

Deploy next-generation antivirus and endpoint detection and response solutions to identify and block Evasive Panda malware variants including MgBot backdoors. Leverage behavioral analysis and machine learning-based detection to spot suspicious activity patterns characteristic of Evasive Panda campaigns, including long-term persistence mechanisms, encrypted command-and-control communications, and credential harvesting operations associated with sustained espionage activity.

MITRE ATT&CK TTPs

Evasive Panda APT Campaign Tactics, Techniques, and Procedures

Initial Access:

  • T1195: Supply Chain Compromise
  • T1195.002: Compromise Software Supply Chain

Execution:

  • T1059: Command and Scripting Interpreter
  • T1106: Native API

Persistence:

  • T1574: Hijack Execution Flow
  • T1574.001: DLL

Defense Evasion:

  • T1140: Deobfuscate/Decode Files or Information
  • T1027: Obfuscated Files or Information
  • T1027.013: Encrypted/Encoded File
  • T1620: Reflective Code Loading
  • T1055: Process Injection
  • T1036: Masquerading
  • T1553: Subvert Trust Controls

Credential Access:

  • T1555: Credentials from Password Stores

Collection:

  • T1056: Input Capture
  • T1557: Adversary-in-the-Middle

Command and Control:

  • T1071: Application Layer Protocol
  • T1071.001: Web Protocols
  • T1573: Encrypted Channel
  • T1573.001: Symmetric Cryptography

Indicators of Compromise (IOCs)

Evasive Panda MgBot Malware File Hashes


File Paths:

  • C:\ProgramData\Microsoft\MF
  • C:\ProgramData\Microsoft\eHome\status.dat
  • C:\ProgramData\Microsoft\eHome\perf.dat

Evasive Panda Command-and-Control Infrastructure


