African telcos targeted by Chinese Daggerfly cyberattacks

The Hacker News reports that China-linked threat operation Daggerfly, also known as Bronze Highland and Evasive Panda, has been targeting African telecommunications providers in cyberattacks since November. Daggerfly's campaign involves attack chains utilizing PowerShell and BITSAdmin for next-stage payload delivery, while persistence is being established through the MgBot modular framework, which consists of plugins with browser data gathering, keystroke logging, screenshot capturing, audio recording, and Active Directory service enumerating capabilities, according to a report from Symantec. "All of these capabilities would have allowed the attackers to collect a significant amount of information from victim machines. The capabilities of these plugins also show that the main goal of the attackers during this campaign was information-gathering," said Symantec. Aside from leveraging new MgBot malware plugins, Daggerfly has also been using a PlugX loader and exploiting the AnyDesk remote desktop software. Symantec also emphasized the persistent cyberespionage threat being faced by telecommunications firms due to the potential widespread compromise that could be caused by their access to end-users' communications.