Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers
The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos said in a new report detailing the group's evolving modus operandi.
The group is known to have targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access.
Phishing messages attributed to the campaign contain malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto compromised machines.
The findings follow a recent report from Secureworks that the group may have been targeting Russian government officials using a decoy containing PlugX that disguised itself as a report on the border detachment to Blagoveshchensk.
Other than PlugX, infection chains utilized by the APT group have involved the deployment of custom stagers, reverse shells, Meterpreter-based shellcode, and Cobalt Strike, all of which are used to establish remote access to their targets with the intention of conducting espionage and information theft.
"By using summit- and conference-themed lures in Asia and Europe, this attacker aims to gain as much long-term access as possible to conduct espionage and information theft," Talos researchers said.
News URL: https://thehackernews.com/2022/05/experts-uncover-new-espionage-attacks.html