Chinese hackers use new custom backdoor to evade detection
The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
Mustang Panda is an advanced persistent threat group known to target organizations worldwide in data theft attacks using customized versions of the PlugX malware.
Mustang Panda's new MQsTTang backdoor malware does not appear to be based on previous malware, indicating the hackers likely developed it to evade detection and make attribution harder.
The malware distribution happens through spear-phishing emails, while the payloads are downloaded from GitHub repositories created by a user associated with previous Mustang Panda campaigns.
"This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group's other malware families," reads the ESET report.
Persistence is established by adding a new registry key under "HKCU\Software\Microsoft\Windows\CurrentVersion\Run," which launches the malware at system startup.
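As an added defensive check (not code from the article or from ESET's report), this PowerShell snippet audits the per-user Run key named above and flags entries whose launch target is missing or lives outside the standard program directories; the list of trusted roots is an assumption and should be tuned to the environment.

```powershell
# Added example: audit HKCU Run entries for autostart persistence.
# Assumption: executables under Program Files / Windows are "expected"; everything
# else (user profile, temp folders, non-existent paths) is surfaced for review.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ }

$entries = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if (-not $entries) {
    Write-Output "No per-user Run entries found under $runKey"
    return
}

$entries.PSObject.Properties |
    Where-Object { $_.Name -notin 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider' } |
    ForEach-Object {
        $name  = $_.Name
        $value = [string]$_.Value

        # Isolate the executable: honour a quoted path, otherwise take the first token.
        $exe = if ($value -match '^"([^"]+)"') { $Matches[1] } else { ($value -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $exists = $false
        if ($exe) { $exists = Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue }
        $inTrustedRoot = [bool]($trustedRoots | Where-Object { $exe -like "$_\*" })

        # Anything outside the trusted roots, or pointing at a file that no longer
        # exists, deserves a closer look (hash, signature, creation time).
        $status = if (-not $inTrustedRoot -or -not $exists) { 'REVIEW' } else { 'ok' }

        [pscustomobject]@{
            Entry      = $name
            Executable = $exe
            Exists     = $exists
            Status     = $status
        }
    } | Format-Table -AutoSize
```

Run it in the context of each interactive user, since HKCU is per-profile; the same logic applies to the HKLM Run key for machine-wide autostarts.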