Security News > 2022 > April > Chinese state-backed hackers now target Russian state officers
Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda.
The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.
Upon launching the executable, a host of additional files are fetched, including the previously mentioned decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed.
Loading PlugX. The DLL loader performs DLL search order hijacking using a legitimate signed file that is vulnerable to this trick.
Dll DLL loader in a stealthy manner that does not trigger security solutions on the system.
Although Mustang Panda continues deploying the same malware strains and loader tools, and even though parts of its infrastructure overlap with past campaigns, the threat actor remains relatively stealthy and potent.
News URL
Related news
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)