{"id":46015,"date":"2022-04-01T11:54:00","date_gmt":"2022-04-01T11:54:00","guid":{"rendered":"http:\/\/6f82fa1c-a519-4044-8881-bcc1684ec3c0"},"modified":"2022-04-01T11:54:00","modified_gmt":"2022-04-01T11:54:00","slug":"chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/","title":{"rendered":"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" class=\"ff-og-image-inserted\"><\/div>\n<p>Deep Panda has launched new attacks this month that exploit Log4Shell to deploy the new Fire Chili rootkit.<\/p>\n<p><a href=\"https:\/\/attack.mitre.org\/groups\/G0009\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Deep Panda<\/a> is a Chinese advanced persistent threat (APT) hacking group that has been active for at least a decade. The APT targets government, defense, healthcare, telecoms, and financial organizations, to name a few, for purposes including data theft and surveillance. <\/p>\n<p>The cyberattackers have a wide range of malicious tools, including the Milestone backdoor and the Infoadmin Remote Access Trojan (RAT) based on Gh0st RAT code. There may also be an <a href=\"https:\/\/www.zdnet.com\/article\/video-game-developers-under-siege-from-malware-able-to-plunder-in-game-cash\/\" target=\"_blank\" rel=\"noopener\">affiliation with Winnti<\/a>, a separate Chinese group known to target game developers and vendors. 
<\/p>\n<p>A new campaign detected by <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/deep-panda-log4shell-fire-chili-rootkits\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">FortiGuard Labs researchers<\/a> is the work of Deep Panda, which is targeting organizations in the finance, travel, and cosmetic industries. <\/p>\n<p>During the past month, FortiGuard has detected the group&#8217;s active exploitation of Log4Shell, a critical vulnerability in the Apache Log4j Java logging library (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">CVE-2021-44228<\/a>, CVSS 10.0), to spread a new, &#8220;novel&#8221; rootkit. <\/p>\n<p>Attackers from various groups <a href=\"https:\/\/www.zdnet.com\/article\/log4shell-exploited-to-infect-vmware-horizon-servers-with-backdoors-crypto-miners\/\" target=\"_blank\" rel=\"noopener\">use Log4Shell<\/a> to compromise VMware Horizon servers for data exfiltration and cryptojacking. <\/p>\n<p>In Deep Panda&#8217;s case, the new rootkit, dubbed Fire Chili, is designed to keep activities under the radar and is deployed alongside the Milestone backdoor. <\/p>\n<p>Fire Chili has been signed with a stolen digital certificate &#8212; the same one used by Winnti to sign malicious tools &#8212; and will check to ensure the victim machine is not running in safe mode. <\/p>\n<p>&#8220;It then checks the operating system version,&#8221; the researchers say. &#8220;The rootkit uses Direct Kernel Object Modification (DKOM), which involves undocumented kernel structures and objects, for its operations. For this reason, it relies on specific OS builds as otherwise, it may cause the infected machine to crash.&#8221;<\/p>\n<p>The latest supported build is Windows 10 Creators Update (Redstone 2). <\/p>\n<p>Drivers are implemented to hide malicious objects from existing security systems. 
The rootkit will also tamper with the registry to stop malicious processes from being terminated, and a callback is generated to hide newly created processes from utilities including Task Manager. <\/p>\n<p>The researchers collected four driver samples, both 32-bit and 64-bit, compiled in 2017. The samples were signed with stolen certificates issued by U.S. and Korean gaming companies. <\/p>\n<p>In addition, the malware can hide registry keys and TCP network connections.&nbsp;<\/p>\n<p>The Milestone backdoor is then installed on the target machine for ongoing data theft and persistence. The researchers also discovered a dropper containing a Milestone loader.<\/p>\n<p>&#8220;Although both Deep Panda and Winnti are known to use rootkits as part of their toolset, Fire Chili is a novel strain with a unique code base different from the ones previously affiliated with the groups,&#8221; FortiGuard says. &#8220;The reason these tools are linked to two different groups is unclear at this time. 
It&#8217;s possible that the groups&#8217; developers shared resources, such as stolen certificates and C2 infrastructure, with each other.&#8221;<\/p>\n<hr>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Log4Shell is being exploited to deploy the kernel rootkit.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-46015","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-01T11:54:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit\",\"datePublished\":\"2022-04-01T11:54:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/\"},\"wordCount\":509,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\\\/2020\\\/10\\\/29\\\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\\\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/\",\"name\":\"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit 2026 | ThreatsHub 
Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\\\/2020\\\/10\\\/29\\\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\\\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"datePublished\":\"2022-04-01T11:54:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\\\/2020\\\/10\\\/29\\\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\\\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\\\/2020\\\/10\\\/29\\\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\\\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;a
uto=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/","og_locale":"en_US","og_type":"article","og_title":"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-04-01T11:54:00+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit","datePublished":"2022-04-01T11:54:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/"},"wordCount":509,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/","url":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/","name":"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","datePublished":"2022-04-01T11:54:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/c3e1c2d0640c590f52859c806c2ebd498b7858d2\/2020\/10\/29\/fb2aba1d-2353-43ce-9bc1-70fd6770482c\/istock-10613231601.jpg?width=770&amp;height=578&amp;fit=crop&amp;auto=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chinese-hackers-deep-panda-return-with-log4shell-exploits-new-fire-chili-rootkit\/#breadcrumb","itemListElement":[{"@type":"List
Item","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46015"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46015\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46015"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}