Hurricane Panda APT

Your consent is required to display this content from youtube - Privacy Settings
Click to Share This Post

Type: Unknown

Status: Inactive since Fall 2015

Other Names: Operation Umbrella Revolution, Operation Poisoned Hurricane

Active Since/Discovered: 2013

Last Report: December 2015

Targets: Telecommunications and technology companies. Targets confidential data and intellectual property

Target Sectors: internet services, engineering, and aerospace

Malware:

  • RATs – Sakula Gh0st, PlugX, Hikit, Mimikatz
  • Webshell RAT – Chopper webshell
    • Easily obfuscated 70 byte text file that consists of an ‘eval()’ command
    • Used to provide full command execution and file upload/download capabilities to the attackers.
    • Typically uploaded to a web server via a SQL injection or WebDAV vulnerability

Preferred Attack Vector:  zero-day vulnerabilities; a DNS resolution exploitation technique; unique toolkit; and a SQL injection vulnerabilities

TTP:

  • Stolen data exfiltrated via FTP as multiple password protected RAR files
  • CVE-2014-4113

Unique:

  • used free DNS servers provided by Hurricane Electric to resolve well known domains to the desired attack infrastructure ip
Click Here to share this post
© 2020 ArtOfTheHak.All Rights Reserved
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Save