Bronze President / Red Delta / TA416 / Mustang Panda / Earth Preta APT

Updated on 2022-11-22: Claimloader

The LAC threat analysis team has a report out on a recent spear-phishing operation carried out by the Mustang Panda APT, which deployed the Claimloader trojan on infected systems. Claimloader appears to be a variation of the malware Cisco Talos first spotted and documented back in May. Read more:

Figure: Schematic diagram of attacks from archive files

Updated on 2022-11-21: Earth Preta

Trend Micro has an analysis of some recent spear-phishing operations carried out by the Earth Preta APT against government networks worldwide. The operation began in March this year and tried to infect victims with malware such as TONEINS, TONESHELL, and PUBLOAD. The group is also known as Mustang Panda and Bronze President. Read more: Earth Preta Spear-Phishing Governments Worldwide

Updated on 2022-11-18

A large-scale spear-phishing campaign by Mustang Panda APT was found targeting academic, government, research, and foundation sectors worldwide. Read more: Earth Preta Spear-Phishing Governments Worldwide

Updated on 2022-10-10

BlackBerry’s security team published a report last week on a recent campaign carried out by Mustang Panda, a Chinese government-linked espionage group, against Myanmar government agencies.

Updated in May 2022: Chinese APT using new version of PlugX malware

The Chinese state-sponsored actor Bronze President (aka Mustang Panda) recently started deploying a new version of the PlugX malware in several espionage campaigns. Security researchers say the group is actively targeting the Russian military. The group sends targets a decoy document purporting to relate to the Russian military; opening it eventually downloads a malicious DLL that loads an updated version of PlugX, a remote access Trojan (RAT) previously associated with Bronze President. The group has previously been known to target Asian countries with its malware, and this activity is particularly surprising given that China is a military ally of Russia and has yet to strongly condemn the country’s invasion of Ukraine. Once installed, PlugX can remotely monitor and access the targeted machine.

Read more in

Overview

A PRC-aligned group, Mustang Panda (aka Red Delta or TA416), has been targeting European diplomats using the war in Ukraine as a lure. Both Google’s TAG and Proofpoint (a corporate sponsor of this newsletter) report on the activity, which appears to be the same campaign, based on the use of the same lure document “Situation at the EU borders with Ukraine.zip”. Interestingly, although Google reports that Mustang Panda focuses on Southeast Asia, Proofpoint found consistent targeting of European diplomatic entities dating back to 2020.
