Security News > 2022 > December > Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities
The China-linked nation-state hacking group referred to as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific.
Mustang Panda is a prolific cyber-espionage group from China that's also tracked under the names Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.
Mustang Panda is known to heavily rely on sending weaponized attachments via phishing emails to achieve initial infection, with the intrusions eventually leading to the deployment of the PlugX remote access trojan.
Recent spear-phishing attacks undertaken by the group targeting government, education, and research sectors in the Asia Pacific region have involved custom malware like PUBLOAD, TONEINS, and TONESHELL, suggesting an expansion to its malware arsenal.
The latest findings from BlackBerry show that the core infection process has remained more or less the same, even as Mustang Panda continues to utilize geopolitical events to their advantage, echoing prior reports from Google and Proofpoint.
"Their attack chain remains consistent with the continued use of archive files, shortcut files, malicious loaders, and the use of the PlugX malware, although their delivery setup is usually customized per region/country to lure victims into executing their payloads in the hope of establishing persistence with the intent of espionage," BlackBerry's Dmitry Bestuzhev told The Hacker News.
News URL
https://thehackernews.com/2022/12/chinese-hackers-using-russo-ukrainian.html
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)