Deep Panda, a Chinese advanced persistent threat (APT) group also tracked as Shell Crew, KungFu Kittens, and Bronze Firestone, has launched new attacks that exploit Log4Shell to deploy a new rootkit named Fire Chili. Deep Panda has long been one of China's most infamous nation-state threat actors.
A recent report by Rotem Sde-Or and Eliran Voronovitch of Fortinet's FortiGuard Labs states that the group has mainly targeted organizations in the financial, academic, cosmetics, and travel industries. The report also describes Deep Panda's recent attacks on VMware Horizon servers: the actor exploits Log4Shell, a critical flaw in the Apache Log4j Java logging library (CVE-2021-44228, CVSS 10.0), and uses the resulting remote code execution to install a backdoor named Milestone (1.dll).
Alongside Milestone, the actor deployed a kernel-mode rootkit named Fire Chili. Its driver is signed with a code-signing certificate stolen from a game developer, which lets it load on 64-bit Windows, where the kernel rejects unsigned drivers, and the same stolen certificate can be used to sign other malicious tools. Once loaded, the driver hides the actor's files, processes, registry keys, and network connections from user-mode tools. At load time the driver also checks whether Windows is running in safe mode and exits if it is.