Priya PatelTLDR:
- Mustang Panda is back with new self-propagating malware spreading through USB drives and spear-phishing.
- They are targeting government entities in the Asia-Pacific region with their cyber espionage goals.
Mustang Panda, a well-known Chinese state-sponsored threat actor, has resurfaced with a new strategy involving self-propagating malware that spreads through USB drives and spear-phishing. Their recent attacks are targeted at various government entities in the Asia-Pacific (APAC) region. The group is using malware-loaded USB drives to deliver PUBLOAD via a self-propagating variant of the worm HIUPAN, along with other tools like FDMTP and PTSOCKET, for system control and data exfiltration.
They have also launched a spear-phishing campaign targeting the same demographic, distributing backdoors and other malware through malicious attachments. This fast-paced attack infiltrates systems quickly, stealing data before victims realize they’ve been compromised. The group has been observed exploiting Microsoft’s cloud services for data exfiltration, using decoy documents related to foreign affairs to lure victims into continuing the attack chain.
The researchers have noted that these attacks are highly targeted and time-sensitive, focusing on specific countries and industries within the APAC region. The group has shown an evolution in their tactics by using a self-propagating worm to deliver malware, which is a departure from their previous spear-phishing tactics. The ultimate goal of the attacks is to achieve system control for persistent data exfiltration.
It is advised to remain vigilant and update defensive measures against these sophisticated tactics by Mustang Panda and its cohorts, as they are expected to remain active in the APAC region in the foreseeable future.
