Security News > 2022 > March > New Mustang Panda hacking campaign targets diplomats, ISPs
Security analysts have uncovered a malicious campaign from China-linked threat actor Mustang Panda, which has been running for at least eight months with a new variant of the Korplug malware called Hodur and custom loaders.
Also tracked as TA416, Mustang Panda is known to serve China-aligned interests and has recently been associated with phishing and espionage operations that targeted European diplomats.
In the latest known campaign, analyzed by cybersecurity company ESET, Mustang Panda focuses on European diplomats, ISPs, and research institutes, using phishing lures with decoy documents.
The targeting scope of Mustang Panda has remained largely unchanged in the past couple of years, so the threat group is mainly occupied with refreshing its lures and improving its toolset.
The Korplug variant used by Mustang Panda in this campaign, Hodur, is very similar to THOR, a PlugX variant discovered by Unit 42 researchers last year.
ESET believes Mustang Panda will continue to improve its toolset, making it more potent and stealthy, while special attention has to be paid to phishing emails that appear very realistic.