#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Mustang Panda | Breaking Cybersecurity News | The Hacker News

Category — Mustang Panda
Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

Mar 27, 2024 Cyber Espionage / Vulnerability
Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as  Mustang Panda , which has been recently linked to  cyber attacks against Myanmar  as well as other Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed  DOPLUGS . Mustang Panda, also called Camaro Dragon, Earth Preta, and Stately Taurus, is believed to have targeted entities in Myanmar, the Philippines, Japan and Singapore, targeting them with phishing emails designed to deliver two malware packages. "Threat actors created malware for these packages on March 4-5, 2024, coinciding with the ASEAN-Australia Special Summit (March 4-6, 2024)," Palo Alto Networks Unit 42  said  in a report shared with The Hacker News. One of the malware package is a ZIP...
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS

Feb 21, 2024 Malware / Cyber Espionage
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee  said  in a new technical write-up. Targets of DOPLUGS have been primarily located in Taiwan, and Vietnam, and to a lesser extent in Hong Kong, India, Japan, Malaysia, Mongolia, and even China. PlugX is a staple tool of  Mustang Panda , which is also tracked as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and TEMP.Hex. It's known to be active since at least 2012, although it first came to light in 2017. The threat actor's tradecraft entails carrying out well-forged spear-phishing campaigns that a...
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Dec 04, 2024Risk Management / Zero Trust
Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...
China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

Jan 30, 2024 Malware / Cyber Espionage
The China-based threat actor known as  Mustang Panda  is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January 2024 after artifacts in connection with the attacks were uploaded to the VirusTotal platform. "The most prominent of these TTPs are the use of legitimate software including a binary developed by engineering firm Bernecker & Rainer (B&R) and a component of the Windows 10 upgrade assistant to sideload malicious dynamic-link libraries (DLLs)," CSIRT-CTI  said . Mustang Panda, active since at least 2012, is also recognized by the cybersecurity community under the names BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, and TEMP.Hex. In recent months, the adversary has been attributed to attacks targeting...
cyber security

The AppSec & R&D Playbook: How to Align Security and Innovation

websiteBackslashApplication Security
AppSec vs. R&D? Bridge the gap with clear steps to streamline workflows and foster collaboration.
Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

Dec 07, 2022 Spear Phishing / Cyber Espionage
The China-linked nation-state hacking group referred to as  Mustang Panda  is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific. That's according to the BlackBerry Research and Intelligence Team, which  analyzed  a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include Vietnam, India, Pakistan, Kenya, Turkey, Italy, and Brazil. Mustang Panda is a prolific cyber-espionage group from China that's also tracked under the names Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich. It's believed to be active since at least July 2018, per Secureworks'  threat profile , although indications are that the threat actor has been targeting entities worldwide as early as 2012. Mustang Panda is known to heavily rely on sending weaponized attachments via phishing emails to achieve initial infection, with the intrusions eventually le...
Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide

Chinese 'Mustang Panda' Hackers Actively Targeting Governments Worldwide

Nov 19, 2022
A notorious advanced persistent threat actor known as  Mustang Panda  has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world. The primary targets of the intrusions from May to October 2022 included counties in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro  said  in a Friday report.  Mustang Panda, also called Bronze President, Earth Preta, HoneyMyte, and Red Lich, is a China-based espionage actor believed to be active since at least July 2018. The group is known for its use of malware such as China Chopper and PlugX to collect data from compromised environments. Activities of the group chronicled by  ESET ,  Google, Proofpoint ,  Cisco Talos , and  Secureworks  this year have revealed the threat actor's pattern of using PlugX (and its variant called Hodur) to infect a wide range of entities in...
Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers

May 06, 2022
The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," Cisco Talos  said  in a new report detailing the group's evolving modus operandi. The group is known to have targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access. Phishing messages attributed to the campaign contain malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto compromised machines. Also observed are phishing messages tailored to ta...
Expert Insights / Articles Videos
Cybersecurity Resources