Security News > 2023 > March > Chinese hackers use new custom backdoor to evade detection
The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
Mustang Panda is an advanced persistent threat group known to target organizations worldwide in data theft attacks using customized versions of the PlugX malware.
Mustang Panda's new MQsTTang backdoor malware does not appear to be based on previous malware, indicating the hackers likely developed it to evade detection and make attribution harder.
The malware distribution happens through spear-phishing emails, while the payloads are downloaded from GitHub repositories created by a user associated with previous Mustang Panda campaigns.
"This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group's other malware families," reads the ESET report.
Persistence is established by adding a new registry key under "HKCUSoftwareMicrosoftWindowsCurrentVersionRun," which launches the malware at system startup.
News URL
Related news
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Winnti hackers target other threat actors with new Glutton PHP backdoor (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- Chinese hackers also breached Charter and Windstream networks (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)