Security News > 2022 > March > Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware
A China-based advanced persistent threat known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines.
Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX variant called THOR that came to light in July 2021.
Mustang Panda, also known as TA416, HoneyMyte, RedDelta, or PKPLUG, is a cyber espionage group that's primarily known for targeting non-governmental organizations with a specific focus on Mongolia.
"The variant used in this campaign bears many similarities to the THOR variant, which is why we have named it Hodur," explained.
The findings from ESET line up with public disclosures from Google's Threat Analysis Group and Proofpoint, both of which detailed a Mustang Panda campaign to distribute an updated PlugX variant earlier this month.
"The decoys used in this campaign show once more how quickly Mustang Panda is able to react to world events," Côté Cyr said.
News URL
https://thehackernews.com/2022/03/chinese-mustang-panda-hackers-spotted.html
Related news
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- Chinese hackers also breached Charter and Windstream networks (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)
- FBI deletes Chinese PlugX malware from thousands of US computers (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)