Chinese ‘Mustang Panda’ Hackers Actively Targeting Governments Worldwide

Nov 19, 2022Ravie Lakshmanan

A notorious advanced persistent threat actor known as Mustang Panda has been linked to a spate of spear-phishing attacks targeting government, education, and research sectors across the world.

The primary targets of the intrusions from May to October 2022 included counties in the Asia Pacific region such as Myanmar, Australia, the Philippines, Japan, and Taiwan, cybersecurity firm Trend Micro said in a Friday report.

Mustang Panda, also called Bronze President, Earth Preta, HoneyMyte, and Red Lich, is a China-based espionage actor believed to be active since at least July 2018. The group is known for its use of malware such as China Chopper and PlugX to collect data from compromised environments.

Activities of the group chronicled by ESET, Google, Proofpoint, Cisco Talos, and Secureworks this year have revealed the threat actor’s pattern of using PlugX (and its variant called Hodur) to infect a wide range of entities in Asia, Europe, the Middle East, and the Americas.

The latest findings from Trend Micro show that Mustang Panda continues to evolve its tactics in a strategy to evade detection and adopt infection routines that lead to the deployment of bespoke malware families like TONEINS, TONESHELL, and PUBLOAD.

Mustang Panda

“Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file (such as RAR/ZIP/JAR) and distributed through Google Drive links,” researchers Nick Dai, Vickie Su, and Sunny Lu said.

Initial access is facilitated through decoy documents that cover controversial geopolitical themes to entice the targeted organizations into downloading and triggering the malware.

In some cases, the phishing messages were sent from previously compromised email accounts belonging to specific entities, indicating the efforts undertaken by the Mustang Panda actor to increase the likelihood of the success of its campaigns.

Read the full article here

Hosted by
News Room

Cybervizer is a blog and podcast site that focuses on the latest technology and cybersecurity topics that are impacting enterprises, both small and large. Join us to explore the most important trends in enterprise technology and cybersecurity today. Get true insights into the tech and trends that will impact you and your organization.


Sign Up for Our Morning Boot Cybersecurity Newsletter


Sponsored Ad

Cybervizer Recommended Book