The China-linked nation-state hacking group known as Mustang Panda is using lures related to the ongoing Russo-Ukrainian War to attack entities in Europe and the Asia Pacific.
That's according to the BlackBerry Research and Intelligence Team, which analyzed a RAR archive file titled "Political Guidance for the new EU approach towards Russia.rar." Some of the targeted countries include Vietnam, India, Pakistan, Kenya, Turkey, Italy, and Brazil.
Mustang Panda is a prolific cyber-espionage group from China that's also tracked under the names Bronze President, Earth Preta, HoneyMyte, RedDelta, and Red Lich.
It's believed to have been active since at least July 2018, per Secureworks' threat profile, although indications are that the threat actor has been targeting entities worldwide as early as 2012.
Mustang Panda is known to rely heavily on sending weaponized attachments via phishing emails to achieve initial infection, with the intrusions ultimately leading to the deployment of the PlugX remote access trojan.
However, recent spear-phishing attacks undertaken by the group targeting government, education, and research sectors in the Asia Pacific region have involved custom malware like PUBLOAD, TONEINS, and TONESHELL, suggesting an expansion of its malware arsenal.
The latest findings from BlackBerry show that the core infection process has remained more or less the same, even as Mustang Panda continues to leverage geopolitical events to its advantage, echoing prior reports from Google and Proofpoint.
Contained within the decoy archive is a shortcut to a Microsoft Word file, which leverages DLL side-loading – a technique that was also employed in attacks aimed at Myanmar earlier this year – to kick off the execution of PlugX in memory, before displaying the document's contents.
"Their attack chain remains consistent with the continued use of archive files, shortcut files, malicious loaders, and the use of the PlugX malware, although their delivery setup is usually customized per region/country to lure victims into executing their payloads in the hope of establishing persistence with the intent of espionage," BlackBerry's Dmitry Bestuzhev told The Hacker News.