Myanmar's Ministries of Defence and Foreign Affairs are suspected to have been compromised by the Chinese state-backed advanced persistent threat group Mustang Panda, also known as Earth Preta, Camaro Dragon, Bronze President, and Stately Taurus, in separate attack campaigns this month and in November, reports The Hacker News.
Mustang Panda's initial attack involved the distribution of a phishing email carrying an executable that used a meeting of Myanmar's National Defence and Security Council as a lure to deliver the PUBLOAD loader, which would then deploy the PlugX malware, a report from CSIRT-CTI revealed. Attackers also sought to distribute PlugX in this month's campaign, which spread an optical disc image that triggered the TONESHELL loader.
Both campaigns were noted to be similar to attacks by Mustang Panda against Asian and European entities last February.
"Following the rebel attacks in northern Myanmar [in October 2023], China has expressed concern regarding its effect on trade routes and security around the Myanmar-China border... Stately Taurus operations are known to align with geopolitical interests of the Chinese government, including multiple cyberespionage operations against Myanmar in the past," said the report.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links to purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting password-protected archives.