Skip to Content

Bronze President / Red Delta / TA416 / Mustang Panda / Earth Preta APT

Updated on 2022-12-08

Latest research by Blackberry revealed that the Chinese state-sponsored Mustang Panda group is leveraging Russia-Ukraine war-related lures to attack Asia Pacific and European entities. Read more: Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets

Updated on 2022-12-07

BlackBerry’s security team has a breakdown of a recent Mustang Panda APT spear-phishing campaign delivering the PlugX malware. Read more: Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets

Updated on 2022-12-05

Avast has a write-up on a Mustang Panda APT campaign that is heavily exfiltrating data from Myanmar government agencies and embassies across the world. The stolen data includes email inbox dumps, stolen documents, and browser data (passwords, cookies, history, and payment card information). It’s a pretty cool report overall since it focuses on analyzing exfil methods and infrastructure, stuff that’s not typically covered in APT reports. Read more: Hitching a ride with Mustang Panda

Updated on 2022-11-22: Claimloader

The LAC threat analysis team has a report out on a recent spear-phishing operation carried out by the Mustang Panda APT, which deployed the Claimloader trojan on infected systems. Claimloader appears to be a variation of the malware Cisco Talos first spotted and documented back in May. Read more:

Schematic diagram of attacks from archive files

Updated on 2022-11-21: Earth Preta

Trend Micro has an analysis of some recent spear-phishing operations carried out by the Earth Preta APT against government networks worldwide. The operation began in March this year and tried to infect victims with malware such as TONEINS, TONESHELL, and PUBLOAD. The group is also known as Mustang Panda and Bronze President. Read more: Earth Preta Spear-Phishing Governments Worldwide

Updated on 2022-11-18

A large-scale spear-phishing campaign by Mustang Panda APT was found targeting academic, government, research, and foundation sectors worldwide. Read more: Earth Preta Spear-Phishing Governments Worldwide

Updated on 2022-10-10

BlackBerry’s security team published a report last week on a recent campaign carried out by Mustang Panda, a Chinese government-linked espionage group, against Myanmar government agencies.

Updated on May 2022: Chinese APT using new version of PlugX malware

The Chinese state-sponsored actor Bronze President (aka Mustang Panda) recently started deploying a new version of the PlugX malware in several espionage campaigns. Security researchers say the group is actively targeting the Russian military. The group is sending targets a decoy document alleged to relate to the Russian military, though it eventually downloads a malicious DLL that loads an updated version of PlugX, a remote access Trojan (RAT) previously associated with Bronze President. This group is known to previously target Asian countries with its malware, and is particularly surprising given China is military allies with Russia and has yet to strongly condemn the country’s invasion of Ukraine. Once installed, PlugX can remotely monitor and access the targeted machine.



A PRC-aligned group, Mustang Panda (aka Red Delta or TA416) has been targeting European diplomats using the war in Ukraine as a lure. Both Google’s TAG and Proofpoint (a corporate sponsor of this newsletter) report on the activity, which looks to be the same based on the use of the same lure document “Situation at the EU borders with”. Interestingly, although Google reports that Mustang Panda focuses on Southeast Asia, Proofpoint found consistent targeting of European diplomatic entities dating back to 2020.

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on