Chinese Threat Actor 'Mustang Panda' Updates Tools in Attacks on Vatican (Security News, November 2020)

A Chinese threat actor tracked as Mustang Panda was observed using an updated arsenal of tools in recent attacks, Proofpoint's security researchers revealed on Monday.
Also referred to as TA416 and RedDelta, the threat group is known for targeting entities connected to the diplomatic relations between the Vatican and the Chinese Communist Party, along with entities in Myanmar, and the new campaign appears to be a continuation of that activity.
The recent attacks used phishing lures focused on the relations between the Vatican and the Chinese Communist Party, as well as spoofed emails imitating journalists from the Union of Catholic Asia News.
The RAR archives used in this campaign include, among others, the encrypted PlugX payload, a legitimate Adobe executable used for side-loading, and a Golang binary that decrypts and loads the payload. According to Proofpoint, this is the first time the adversary has used a Golang binary in its attacks.
The malware variant used in these attacks remains consistent when compared to previously observed versions, as does the command and control communication in these PlugX samples.