{"id":328,"date":"2025-12-26T16:04:27","date_gmt":"2025-12-26T16:04:27","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/"},"modified":"2025-12-26T16:04:27","modified_gmt":"2025-12-26T16:04:27","slug":"china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/","title":{"rendered":"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware"},"content":{"rendered":"<div>A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in T\u00fcrkiye, China, and India.<br \/>\nThe activity, Kaspersky said, was observed between November 2022 and November 2024. It has been linked to a<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in T\u00fcrkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-328","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in T\u00fcrkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-26T16:04:27+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware\",\"datePublished\":\"2025-12-26T16:04:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\"},\"wordCount\":69,\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\",\"name\":\"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2025-12-26T16:04:27+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/","og_locale":"en_US","og_type":"article","og_title":"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware - Imperative Business Ventures Limited","og_description":"A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in T\u00fcrkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2025-12-26T16:04:27+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware","datePublished":"2025-12-26T16:04:27+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/"},"wordCount":69,"keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/","url":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/","name":"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2025-12-26T16:04:27+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2025\/12\/26\/china-linked-evasive-panda-ran-dns-poisoning-campaign-to-deliver-mgbot-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=328"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/328\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}