
A cryptocurrency-mining crew known as Panda has been identified by cybersecurity researchers, who report it to be among the most prolific sources of illicit cryptomining attacks.

The group is thought to have amassed roughly $90,000 worth of cryptocurrency through undetected mining malware and remote access tools (RATs). While researchers regard the group as comparatively unsophisticated, Panda has been active for a number of years, according to research by Cisco Talos Intelligence Group.

The research highlights Panda's reliance on exploiting vulnerable web applications, which had resulted in over 300,000 downloads of its malware by October 2018.

According to the firm, the group goes after organisations that are slow to apply security updates to their web applications, a technique it has used continuously for maximum effect.

It also frequently updates its targeting, using a variety of exploits against multiple vulnerabilities, and begins exploiting known vulnerabilities shortly after public proof-of-concept (PoC) code becomes available, making it a menace to anyone slow to patch.

The group first came to light in 2018, when its MassMiner campaign was detected: malicious cryptocurrency-mining malware that mined the alternative cryptocurrency Monero (XMR).

Since then, the group has come to rely more heavily on Mimikatz, a credential-harvesting tool that lets it extract sensitive information such as usernames and passwords from compromised systems. According to Talos research, Panda has hit targets across a range of industries, including banking, transportation, telecommunications, IT services and healthcare.

There are suspicions that the group is of Chinese origin; it is named after a domain belonging to the group that was itself registered to a Chinese actor.

IP matching also points towards China, and the group appears unconcerned with concealing its identity. Researchers have even identified the web framework used to spread the attacks, one that is especially popular in China.

“Panda’s operational security remains poor, with many of their old and current domains all hosted on the same IP and their TTPs remaining relatively similar throughout campaigns. The payloads themselves are also not very sophisticated,” according to the research.
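Poor operational security of the kind described in that quote is exactly what defenders pivot on: if old and current domains sit on the same hosting IP, passive-DNS records can be clustered by shared IP to recover the group's infrastructure and how long it has been in use. The following is an added example, not code from the article or from the Talos research; the domain names (documentation-reserved example.net / example.org) and RFC 5737 addresses are constructed placeholders, not observed indicators.

```python
"""Cluster domains by shared hosting IP from passive-DNS style records.

Added example. The records below are constructed; the names and IPs are
placeholders standing in for an attacker's real infrastructure.
"""
from collections import defaultdict
from datetime import date
from typing import Dict, List, Tuple

# Constructed sample: (domain, hosting IP, first seen, last seen).
RECORDS: List[Tuple[str, str, date, date]] = [
    ("old-c2.example.net",    "192.0.2.10",   date(2018, 2, 1),  date(2018, 11, 30)),
    ("mid-c2.example.net",    "192.0.2.10",   date(2018, 10, 5), date(2019, 6, 1)),
    ("new-c2.example.net",    "192.0.2.10",   date(2019, 5, 20), date(2019, 9, 15)),
    ("new-c2.example.net",    "192.0.2.11",   date(2019, 8, 1),  date(2019, 9, 15)),
    ("payload.example.net",   "192.0.2.11",   date(2019, 7, 1),  date(2019, 9, 10)),
    ("unrelated.example.org", "198.51.100.7", date(2019, 1, 1),  date(2019, 3, 1)),
]


def cluster_infrastructure(records: List[Tuple[str, str, date, date]]) -> List[dict]:
    """Group domains that (transitively) share a hosting IP and summarise each group.

    Two domains end up in the same cluster if they were ever hosted on the same
    IP, or are linked through a chain of such overlaps (union-find).
    """
    parent: Dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups cheap
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    # Link every domain seen on an IP to the first domain seen on that IP.
    first_domain_on_ip: Dict[str, str] = {}
    for domain, ip, _, _ in records:
        union(domain, first_domain_on_ip.setdefault(ip, domain))

    clusters: Dict[str, dict] = defaultdict(
        lambda: {"domains": set(), "ips": set(), "first_seen": None, "last_seen": None}
    )
    for domain, ip, first, last in records:
        c = clusters[find(domain)]
        c["domains"].add(domain)
        c["ips"].add(ip)
        c["first_seen"] = first if c["first_seen"] is None else min(c["first_seen"], first)
        c["last_seen"] = last if c["last_seen"] is None else max(c["last_seen"], last)

    result = []
    for c in clusters.values():
        result.append({
            "domains": sorted(c["domains"]),
            "ips": sorted(c["ips"]),
            "first_seen": c["first_seen"],
            "last_seen": c["last_seen"],
            # Span between the earliest and latest sighting in the cluster,
            # i.e. how long this piece of infrastructure has been in play.
            "active_days": (c["last_seen"] - c["first_seen"]).days,
            # More than one domain on the same hosting: the reuse pattern
            # an analyst pivots on.
            "shared_hosting": len(c["domains"]) > 1,
        })
    # Largest cluster first so the reused infrastructure stands out.
    result.sort(key=lambda c: (-len(c["domains"]), c["domains"][0]))
    return result


if __name__ == "__main__":
    for c in cluster_infrastructure(RECORDS):
        print(f"{len(c['domains'])} domain(s) on {', '.join(c['ips'])}: "
              f"{c['first_seen']} to {c['last_seen']} ({c['active_days']} days), "
              f"shared hosting: {c['shared_hosting']}")
        for d in c["domains"]:
            print(f"    {d}")
```

Run against real passive-DNS exports, the same grouping separates infrastructure that was merely co-located on a large shared host (many unrelated domains, short overlaps) from a small, long-lived cluster that one actor keeps rotating domains through; the former needs a threshold on cluster size or a hosting-provider allowlist before it is treated as attribution evidence.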

The identification of Panda is a reminder of the danger posed by criminals who exploit unpatched web applications for profit with cryptocurrency-mining malware. With at least hundreds of thousands potentially affected, Panda looks to be one of the leading sources of illicit cryptomining.
