A China-linked APT group known as Daggerfly exploited a vulnerability in an Apache HTTP server to deliver MgBot malware, affecting a U.S. NGO based in China. The attack showcased the group's capabilities for espionage within the country through advanced backdooring techniques and malware deployment. Due to the sensitive nature of NGO work, the attack potentially compromised internal communications and could lead to intelligence collection for future operations, demonstrating the APT group's ability to innovate and adapt their toolset for targeted cyber espionage. The exact extent of the data breach remains undisclosed, but it raises concerns about the protection of operational information that is crucial to the NGO's mission and activities in the region.
Source: https://securityaffairs.com/166102/apt/daggerfly-macma-macos-backdoor.html
TPRM report: https://scoringcyber.rankiteo.com/company/china-institute
{
  "id": "chi000072524",
  "linkid": "china-institute",
  "type": "Cyber Attack",
  "date": "7/2024",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Non-profit',
'location': 'China',
'type': 'NGO'}],
'attack_vector': 'Exploiting vulnerability in Apache HTTP server',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Internal communications',
'Operational information']},
'description': 'A China-linked APT group known as Daggerfly exploited a '
'vulnerability in an Apache HTTP server to deliver MgBot '
'malware, affecting a U.S. NGO based in China. The attack '
"showcased the group's capabilities for espionage within the "
'country through advanced backdooring techniques and malware '
'deployment. Due to the sensitive nature of NGO work, the '
'attack potentially compromised internal communications and '
'could lead to intelligence collection for future operations, '
"demonstrating the APT group's ability to innovate and adapt "
'their toolset for targeted cyber espionage. The exact extent '
'of the data breach remains undisclosed, but it raises '
'concerns about the protection of operational information that '
"is crucial to the NGO's mission and activities in the region.",
'impact': {'data_compromised': ['Internal communications',
'Operational information'],
'systems_affected': ['Apache HTTP server']},
'initial_access_broker': {'backdoors_established': 'Yes',
'entry_point': 'Apache HTTP server vulnerability',
'high_value_targets': ['Internal communications',
'Operational information']},
'motivation': 'Espionage',
'threat_actor': 'Daggerfly APT Group',
'title': 'Daggerfly APT Group Attack on U.S. NGO in China',
'type': 'Cyber Espionage',
'vulnerability_exploited': 'Apache HTTP server vulnerability'}