Vulnerability Management, Critical Infrastructure Security, Malware

Government networks worldwide under attack from Mustang Panda

Government, research, and education sectors worldwide, particularly in the Asia Pacific region, have been targeted by spear-phishing attacks by Chinese state-sponsored hacking group Mustang Panda, also known as Earth Preta, Bronze President, Red Lich, and HoneyMyte, The Hacker News reports. New techniques have been employed by Mustang Panda to facilitate the deployment of the bespoke TONEINS, TONESHELL, and PUBLOAD malware families, which are being distributed through spear-phishing emails involving Google Drive links, according to a report from Trend Micro. Decoy documents pertaining to controversial geopolitical themes have been used by Mustang Panda to obtain initial access and eventually enable malware delivery, the foremost of which is TONESHELL. Mustang Panda "is a cyber espionage group known to develop their own loaders in combination with existing tools like PlugX and Cobalt Strike for compromise... Once the group has infiltrated a targeted victim's systems, the sensitive documents stolen can be abused as the entry vectors for the next wave of intrusions. This strategy largely broadens the affected scope in the region involved," said Trend Micro.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds