Malware, Threat Intelligence

Updated malware arsenal touted by Mustang Panda

Laptop Screen Warning Alert: Cyber Attack, Virus, Malware, Spyware, System Hacked

Chinese advanced persistent threat group Mustang Panda, also known as Hive0154, has launched highly sophisticated attacks involving an updated Toneshell backdoor and the novel SnakeDisk USB malware against Southeast Asia, GBHackers News reports.

Increased stealth has been allowed by the new Toneshell9 malware variant, which not only permits dual reverse shell functionality and proxy-aware communications but also junk code injection and custom encryption capabilities, according to an IBM X-Force analysis. Mustang Panda has leveraged Toneshell9 to enable simultaneous C2 server, proxy configuration, and encryption key management, as well as Windows registry hive enumeration.

Meanwhile, Thailand was targeted by Mustang Panda with attacks involving the SnakeDisk malware, coinciding with the country's mounting tensions with Cambodia. Aside from having geolocation restrictions to Thailand and being spread via USB devices, SnakeDisk allows the delivery of the Yokai backdoor for persistence while concealing files within the USB device. Such findings should prompt the implementation of more stringent security measures among organizations across Southeast Asia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds