Chinese state-sponsored hacking group Mustang Panda, also known as Earth Preta, Bronze President, Red Lich, and HoneyMyte, has targeted government, research, and education sectors worldwide, particularly in the Asia Pacific region, with spear-phishing attacks, The Hacker News reports.
New techniques have been employed by Mustang Panda to facilitate the deployment of the bespoke TONEINS, TONESHELL, and PUBLOAD malware families, which are being distributed through spear-phishing emails involving Google Drive links, according to a report from Trend Micro.
Mustang Panda has used decoy documents pertaining to controversial geopolitical themes to obtain initial access and eventually deliver malware, the foremost of which is TONESHELL. Mustang Panda "is a cyber espionage group known to develop their own loaders in combination with existing tools like PlugX and Cobalt Strike for compromise... Once the group has infiltrated a targeted victim's systems, the sensitive documents stolen can be abused as the entry vectors for the next wave of intrusions. This strategy largely broadens the affected scope in the region involved," said Trend Micro.
Vulnerability Management, Critical Infrastructure Security, Malware
Government networks worldwide under attack from Mustang Panda