Chinese hackers use new custom backdoor to evade detection (Security News, March 2023)
The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
Mustang Panda is an advanced persistent threat group known to target organizations worldwide in data theft attacks using customized versions of the PlugX malware.
Mustang Panda's new MQsTTang backdoor malware does not appear to be based on previous malware, indicating the hackers likely developed it to evade detection and make attribution harder.
The malware distribution happens through spear-phishing emails, while the payloads are downloaded from GitHub repositories created by a user associated with previous Mustang Panda campaigns.
"This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group's other malware families," reads the ESET report.
Persistence is established by adding a new registry key under "HKCU\Software\Microsoft\Windows\CurrentVersion\Run," which launches the malware at system startup.
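The Run key named above is one of the most common autostart locations, so a defender's first check is simply to enumerate what is registered there and triage anything that starts from a user-writable directory. The script below is an added example, not code from the article or from ESET's report; the list of keys is the standard per-user and per-machine Run/RunOnce set, and the path patterns it treats as suspicious are an assumption chosen for this example, not an indicator taken from the MQsTTang analysis.

```powershell
# Added example (not from the article or the ESET report): list autorun entries in the
# per-user and per-machine Run/RunOnce keys and flag commands that launch from
# user-writable locations, which is where dropped backdoors usually live.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed heuristic for this example: paths under any user's profile data, temp or
# download folders, or unexpanded %APPDATA%/%TEMP% variables, are worth a closer look.
$suspiciousPatterns = @(
    '*\AppData\*', '*\Temp\*', '*\Downloads\*', '*\Users\Public\*',
    '*%APPDATA%*', '*%LOCALAPPDATA%*', '*%TEMP%*', '*%TMP%*'
)

function Get-AutorunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PS* metadata properties; only real value names matter here.
        foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            $cmd = [string]$p.Value
            $flag = $false
            foreach ($pattern in $suspiciousPatterns) {
                if ($cmd -like $pattern) { $flag = $true; break }
            }
            [pscustomobject]@{
                Key        = $key
                ValueName  = $p.Name
                Command    = $cmd
                Suspicious = $flag
            }
        }
    }
}

# Suspicious entries sort to the top; review their command lines and the files they point to.
Get-AutorunEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A flagged entry is a triage lead, not a verdict: plenty of legitimate software registers itself from AppData. The useful signal comes from comparing the output against a known-good baseline for the host, and from recording the same keys in EDR or Sysmon registry-event telemetry so that a newly added value is seen when it appears rather than on the next manual sweep.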
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials
- Sophos reveals 5-year battle with Chinese hackers attacking network devices
- Sophos Versus the Chinese Hackers
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
- Chinese hackers target Linux with new WolfsBane malware
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor