Evasive Panda DNS poisoning MgBot espionage campaign
Campaign
Summary
Evasive Panda ran a highly targeted cyber espionage campaign that used DNS poisoning to deliver MgBot to victims in Türkiye, China, and India. The operation was observed from November 2022 to November 2024, showing sustained targeting across multiple countries. It relied on adversary-in-the-middle (AitM) redirection and fake software-update lures to seed a loader chain and maintain access on victim systems.
Related Happenings
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation
Campaign
First: 07.02.2026 17:09
Last: 07.02.2026 17:09
Sources 1
About this happening:
The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...
DKnife gateway-monitoring malware framework
Malware Activity
First: 06.02.2026 19:00
Last: 06.02.2026 19:00
Sources 1
About this happening:
The discovery of **DKnife** exposes a **long-running malware framework** that has remained active since at least **2019**, raising the risk of **gateway-level traffic interception...
BadIIS malware deployment on compromised IIS servers in Thailand and Vietnam
Malware Activity
First: 30.01.2026 14:08
Last: 30.01.2026 14:08
Sources 1
About this happening:
**BadIIS** is a **malicious native IIS module** used on **compromised IIS servers** to support **SEO fraud** and traffic manipulation. **Cisco Talos** says the activity is tied to...
Mustang Panda multi-country espionage campaign against government and telecom targets
Campaign
First: 28.01.2026 13:40
Last: 28.01.2026 13:40
Sources 1
About this happening:
A **Mustang Panda** espionage campaign targeted **government entities** across **Myanmar, Mongolia, Malaysia, and Russia**, showing sustained multi-country activity from **2021-20...
Timeline
- 26.12.2025 16:44 · 2 articles · 5mo ago
Evasive Panda DNS poisoning MgBot espionage campaign
Initial Disclosure: The first phase used **AitM DNS poisoning** to reroute update traffic to attacker-controlled infrastructure and deliver a first-stage loader to selected victims.
- China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware — thehackernews.com — 26.12.2025 16:44