Evasive Panda DNS poisoning MgBot espionage campaign
Campaign
Summary
Hide ▲
Show ▼
Evasive Panda ran a highly targeted cyber espionage campaign that used DNS poisoning to deliver MgBot to victims in Türkiye, China, and India. The operation was observed from November 2022 to November 2024, showing sustained targeting across multiple countries. It relied on AitM redirection and fake software-update lures to seed a loader chain and maintain access on victim systems.
Related Happenings
StrikeShark SharkLoader and Cobalt Strike Beacon campaign
Campaign
H score42
First: 26.06.2026 21:17
Last: 26.06.2026 21:17
Sources 1
About this happening:
The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...
StrikeShark SharkLoader and Cobalt Strike Beacon campaign
CampaignAbout this happening: The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...
Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
H score66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Operation Endgame takedown of Amadey and StealC infrastructure
Law EnforcementAbout this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
H score38
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Interpol Operation Ramz cybercrime crackdown in MENA
Law Enforcement
H score33
First: 18.05.2026 17:00
Last: 18.05.2026 17:00
Sources 1
About this happening:
**INTERPOL**-led **Operation Ramz** disrupted **Sniper Dz**, a decade-long **phishing-as-a-service (PhaaS)** platform, during **October 2025-February 2026**. Authorities in **13 M...
Interpol Operation Ramz cybercrime crackdown in MENA
Law EnforcementAbout this happening: **INTERPOL**-led **Operation Ramz** disrupted **Sniper Dz**, a decade-long **phishing-as-a-service (PhaaS)** platform, during **October 2025-February 2026**. Authorities in **13 M...
TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation
Campaign
H score30
First: 07.02.2026 17:09
Last: 07.02.2026 17:09
Sources 1
About this happening:
The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...
TGR-STA-1030/UNC6619 Shadow Campaigns espionage operation
CampaignAbout this happening: The **TGR-STA-1030/UNC6619** operation **Shadow Campaigns** expanded a state-sponsored espionage effort that compromised **at least 70 organizations** across **37 countries**, inc...
Timeline
-
26.12.2025 16:44 2 articles · 6mo ago
Evasive Panda DNS poisoning MgBot espionage campaign
Initial DisclosureThe first phase used **AitM DNS poisoning** to reroute update traffic to attacker-controlled infrastructure and deliver a first-stage loader to selected victims.
Show sources
- China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware — thehackernews.com — 26.12.2025 16:44
- China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware — thehackernews.com — 26.12.2025 16:44