Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide (Security News, November 2022)
A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world.
Mustang Panda, also called Bronze President, Earth Preta, HoneyMyte, and Red Lich, is a China-based espionage actor believed to be active since at least July 2018.
The group is known for its use of malware such as China Chopper and PlugX to collect data from compromised environments.
The latest findings from Trend Micro show that Mustang Panda continues to evolve its tactics to evade detection, adopting infection routines that lead to the deployment of bespoke malware families such as TONEINS, TONESHELL, and PUBLOAD. "Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file and distributed through Google Drive links," researchers Nick Dai, Vickie Su, and Sunny Lu said.
Initial access is facilitated through decoy documents that cover controversial geopolitical themes to entice the targeted organizations into downloading and triggering the malware.
In some cases, the phishing messages were sent from previously compromised email accounts belonging to specific entities, indicating the lengths to which Mustang Panda goes to increase the likelihood that its campaigns succeed.
News URL: https://thehackernews.com/2022/11/chinese-mustang-panda-hackers-actively.html