Updated on 2022-12-08
Latest research by Blackberry revealed that the Chinese state-sponsored Mustang Panda group is leveraging Russia-Ukraine war-related lures to attack Asia Pacific and European entities. Read more: Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
Updated on 2022-12-07
BlackBerry’s security team has a breakdown of a recent Mustang Panda APT spear-phishing campaign delivering the PlugX malware. Read more: Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
Updated on 2022-12-05
Avast has a write-up on a Mustang Panda APT campaign that is heavily exfiltrating data from Myanmar government agencies and embassies across the world. The stolen data includes email inbox dumps, stolen documents, and browser data (passwords, cookies, history, and payment card information). It’s a pretty cool report overall since it focuses on analyzing exfil methods and infrastructure, stuff that’s not typically covered in APT reports. Read more: Hitching a ride with Mustang Panda
Updated on 2022-11-22: Claimloader
The LAC threat analysis team has a report out on a recent spear-phishing operation carried out by the Mustang Panda APT, which deployed the Claimloader trojan on infected systems. Claimloader appears to be a variation of the malware Cisco Talos first spotted and documented back in May. Read more:
- 中国圏拠点のMustang Pandaがマルウェア「Claimloader」で標的型攻撃、日本にも影響か
- Mustang Panda deploys a new wave of malware targeting Europe
Updated on 2022-11-21: Earth Preta
Trend Micro has an analysis of some recent spear-phishing operations carried out by the Earth Preta APT against government networks worldwide. The operation began in March this year and tried to infect victims with malware such as TONEINS, TONESHELL, and PUBLOAD. The group is also known as Mustang Panda and Bronze President. Read more: Earth Preta Spear-Phishing Governments Worldwide
Updated on 2022-11-18
A large-scale spear-phishing campaign by Mustang Panda APT was found targeting academic, government, research, and foundation sectors worldwide. Read more: Earth Preta Spear-Phishing Governments Worldwide
Updated on 2022-10-10
BlackBerry’s security team published a report last week on a recent campaign carried out by Mustang Panda, a Chinese government-linked espionage group, against Myanmar government agencies.
Updated on May 2022: Chinese APT using new version of PlugX malware
The Chinese state-sponsored actor Bronze President (aka Mustang Panda) recently started deploying a new version of the PlugX malware in several espionage campaigns. Security researchers say the group is actively targeting the Russian military. The group is sending targets a decoy document alleged to relate to the Russian military, though it eventually downloads a malicious DLL that loads an updated version of PlugX, a remote access Trojan (RAT) previously associated with Bronze President. This group is known to previously target Asian countries with its malware, and is particularly surprising given China is military allies with Russia and has yet to strongly condemn the country’s invasion of Ukraine. Once installed, PlugX can remotely monitor and access the targeted machine.
Read more in
A PRC-aligned group, Mustang Panda (aka Red Delta or TA416) has been targeting European diplomats using the war in Ukraine as a lure. Both Google’s TAG and Proofpoint (a corporate sponsor of this newsletter) report on the activity, which looks to be the same based on the use of the same lure document “Situation at the EU borders with Ukraine.zip”. Interestingly, although Google reports that Mustang Panda focuses on Southeast Asia, Proofpoint found consistent targeting of European diplomatic entities dating back to 2020.