Chinese state-backed hackers now target Russian state officers

Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda.
The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.
Upon launching the executable, a host of additional files are fetched, including the previously mentioned decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed.
Loading PlugX. The DLL loader performs DLL search order hijacking using a legitimate signed file that is vulnerable to this trick.
Dll DLL loader in a stealthy manner that does not trigger security solutions on the system.
Although Mustang Panda continues deploying the same malware strains and loader tools, and even though parts of its infrastructure overlap with past campaigns, the threat actor remains relatively stealthy and potent.
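
A defender-side heuristic for the side-loading pattern described above, added here as an example and not taken from the article or the researchers: it flags a signed executable that runs outside the usual install directories and loads an unsigned DLL sitting next to it. The event field names, the trusted-root list and the sample events are constructed assumptions, not a real telemetry schema.

```python
from ntpath import basename, dirname, normcase

# Assumption: directories where signed vendor binaries are normally installed.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")


def in_trusted_root(path):
    """True if path lies under one of the trusted install roots."""
    p = normcase(path)
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)


def flag_sideloads(events):
    """Return (process, dll) pairs where a signed executable running outside
    the trusted roots loads an unsigned DLL from its own directory."""
    hits = []
    for e in events:
        same_dir = normcase(dirname(e["image"])) == normcase(dirname(e["loaded"]))
        if (e["image_signed"] and not e["loaded_signed"]
                and same_dir and not in_trusted_root(e["image"])):
            hits.append((basename(e["image"]), basename(e["loaded"])))
    return hits


# Constructed image-load events (hypothetical field names and file names).
SAMPLE_EVENTS = [
    # Signed binary dropped into a temp folder, unsigned DLL beside it: flagged.
    {"image": r"C:\Users\alice\AppData\Local\Temp\doc\viewer.exe",
     "image_signed": True,
     "loaded": r"C:\Users\alice\AppData\Local\Temp\doc\helper.dll",
     "loaded_signed": False},
    # Same binary in its normal install path with its signed DLL: not flagged.
    {"image": r"C:\Program Files\Vendor\viewer.exe",
     "image_signed": True,
     "loaded": r"C:\Program Files\Vendor\helper.dll",
     "loaded_signed": True},
    # Signed binary in Downloads loading a signed system DLL: not flagged.
    {"image": r"C:\Users\alice\Downloads\tool.exe",
     "image_signed": True,
     "loaded": r"C:\Windows\System32\version.dll",
     "loaded_signed": True},
]

if __name__ == "__main__":
    for proc, dll in flag_sideloads(SAMPLE_EVENTS):
        print(f"possible side-load: {proc} loaded unsigned {dll}")
```
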