Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

The China-linked APT group Evasive Panda conducted a cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor to victims in Türkiye, China, and India. This campaign, active from November 2022 to November 2024, utilized stealthy loaders and encrypted malware components, often masquerading as legitimate software updates, to maintain long-term persistence in targeted systems.