Security News > 2022 > March > New cyberespionage campaign targeting ISPs, research entities

New cyberespionage campaign targeting ISPs, research entities
2022-03-24 09:41

ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group.

The current campaign exploits the war in Ukraine and other European news topics.

One of the filenames related to this campaign is "Situation at the EU borders with Ukraine.exe".

"Based on code similarities and the many commonalities in Tactics, Techniques, and Procedures, ESET researchers attribute this campaign with high confidence to Mustang Panda, also known as TA416, RedDelta, or PKPLUG. It is a cyberespionage group mainly targeting governmental entities and NGOs," explains ESET malware researcher Alexandre Côté Cyr who discovered Hodur.

The group is also known for its campaign targeting the Vatican in 2020.

While researchers haven't been able to identify the verticals of all victims, this campaign seems to have the same targeting objectives as other Mustang Panda campaigns.


News URL

https://www.helpnetsecurity.com/2022/03/24/cyberespionage-campaign-korplug/