Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
Feb 21, 2024
Malware / Cyber Espionage
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee said in a new technical write-up. Targets of DOPLUGS have been primarily located in Taiwan, and Vietnam, and to a lesser extent in Hong Kong, India, Japan, Malaysia, Mongolia, and even China. PlugX is a staple tool of Mustang Panda , which is also tracked as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and TEMP.Hex. It's known to be active since at least 2012, although it first came to light in 2017. The threat actor's tradecraft entails carrying out well-forged spear-phishing campaigns that a