MgBot

Kaspersky linked a China-aligned APT known as Evasive Panda to a campaign from November 2022 to November 2024 that used DNS poisoning to deliver an MgBot backdoor to targets in Türkiye, China and India, employing staged loaders, custom encryption and host-specific payloads.