Chinese state-backed hackers now target Russian state officers (Security News, April 2022)
Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda.
The threat group was previously seen orchestrating intelligence collection campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine.
Upon launching the executable, a host of additional files is fetched, including the previously mentioned decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed.
Loading PlugX
The DLL loader performs DLL search order hijacking through a legitimate signed file that is vulnerable to this trick, so the malicious DLL loader is loaded in a stealthy manner that does not trigger security solutions on the system.
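A defender-side check for the sideloading pattern described above, added here as an example and not code from the article or from the researchers it cites. It scores constructed Sysmon "Image loaded" (Event ID 7) records for the telltale shape: a signed executable resolving a well-known system DLL name from its own directory instead of a Windows system directory, with the loaded DLL unsigned. The DLL allowlist, field names and sample paths are assumptions made for illustration.

```python
"""Added example (not from the article): flag DLL search order hijacking
(sideloading) candidates in constructed Sysmon Event ID 7 'Image loaded'
records. Heuristic: a signed executable loads a DLL whose name belongs to a
known system library, but from the executable's own directory rather than a
Windows system directory, and the loaded DLL is unsigned."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Constructed, deliberately small allowlist of DLL names that a process
# would normally resolve from a system directory (assumption, not exhaustive).
SYSTEM_DLL_NAMES = {"version.dll", "dwmapi.dll", "wtsapi32.dll", "userenv.dll"}


@dataclass
class ImageLoad:
    image: str           # process executable (Sysmon 'Image')
    image_signed: bool   # executable carried a valid signature
    loaded: str          # DLL path (Sysmon 'ImageLoaded')
    loaded_signed: bool  # DLL carried a valid signature (Sysmon 'Signed')


def _in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def is_sideload_candidate(ev: ImageLoad) -> bool:
    dll = PureWindowsPath(ev.loaded)
    exe_dir = PureWindowsPath(ev.image).parent
    return (ev.image_signed and not ev.loaded_signed
            and dll.name.lower() in SYSTEM_DLL_NAMES
            and not _in_system_dir(ev.loaded)
            and str(dll.parent).lower() == str(exe_dir).lower())


def find_sideloads(events):
    return [ev for ev in events if is_sideload_candidate(ev)]


# Constructed sample events; paths and binary names are invented.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\notepad.exe", True,
              r"C:\Windows\System32\version.dll", True),
    ImageLoad(r"C:\Users\u\AppData\Local\Temp\report\viewer.exe", True,
              r"C:\Users\u\AppData\Local\Temp\report\version.dll", False),
    ImageLoad(r"C:\Users\u\AppData\Local\Temp\report\viewer.exe", True,
              r"C:\Windows\System32\kernel32.dll", True),
    ImageLoad(r"C:\Users\u\Tools\helper.exe", False,
              r"C:\Users\u\Tools\version.dll", False),
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(f"possible sideload: {hit.image} loaded {hit.loaded}")
```

Only the second record fires: the signed viewer binary pulls an unsigned version.dll from its own temp folder, which is the search-order abuse the article describes; the unsigned helper.exe case is excluded because the lure relies on a trusted, signed host.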
Although Mustang Panda continues deploying the same malware strains and loader tools, and even though parts of its infrastructure overlap with past campaigns, the threat actor remains relatively stealthy and potent.
Related news
- Russian hackers use RDP proxies to steal data in MiTM attacks
- White House links ninth telecom breach to Chinese hackers
- Chinese hackers targeted sanctions office in Treasury attack
- US sanctions Chinese company linked to Flax Typhoon hackers
- Chinese hackers also breached Charter and Windstream networks
- Russian ISP confirms Ukrainian hackers "destroyed" its network
- US Treasury hack linked to Silk Typhoon Chinese state hackers
- How Russian hackers went after NGOs' WhatsApp accounts
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks
- Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards