China-aligned APT is exploring new technology stacks for malicious tools
2023-03-07 04:30

ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group.

Due to the nature of the decoy filenames used, researchers believe that political and governmental organizations in Europe and Asia are also being targeted.

The Mustang Panda campaign is ongoing as of this writing, and the group has increased its activity in Europe since Russia invaded Ukraine.

"Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," says ESET researcher Alexandre Côté Cyr, who discovered the ongoing campaign.

"This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group's other malware families. However, it shows that Mustang Panda is exploring new technology stacks for its tools," he explains.

The victimology is unclear, but the decoy filenames lead ESET to believe that political and governmental organizations in Europe and Asia are also being targeted.


News URL

https://www.helpnetsecurity.com/2023/03/07/mqsttang-apt-new-tools/