A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India.
The activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to a
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
