Security News > 2022 > March > Chinese 'Mustang Panda' Hackers Spotted Deploying New 'Hodur' Malware
A China-based advanced persistent threat known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines.
Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX variant called THOR that came to light in July 2021.
Mustang Panda, also known as TA416, HoneyMyte, RedDelta, or PKPLUG, is a cyber espionage group that's primarily known for targeting non-governmental organizations with a specific focus on Mongolia.
"The variant used in this campaign bears many similarities to the THOR variant, which is why we have named it Hodur," explained.
The findings from ESET line up with public disclosures from Google's Threat Analysis Group and Proofpoint, both of which detailed a Mustang Panda campaign to distribute an updated PlugX variant earlier this month.
"The decoys used in this campaign show once more how quickly Mustang Panda is able to react to world events," Côté Cyr said.
News URL
https://thehackernews.com/2022/03/chinese-mustang-panda-hackers-spotted.html
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)