Mustang Panda Hackers Target Philippines Government Amid South China Sea Tensions

November 21, 2023 at 02:06AM

The China-linked cyber espionage group Mustang Panda targeted a Philippines government entity using legitimate software to sideload malicious files. Mustang Panda, also known as Bronze President and other aliases, is a Chinese advanced persistent threat (APT) that has been active since at least 2012. The group has targeted NGOs and government bodies across North America, Europe, and Asia. This attack took place between August 10 and 15, 2023. In a separate incident, a South Korean APT actor named Higaisa has been found targeting Chinese users through phishing websites.

Key Takeaways:

– The China-linked APT group Mustang Panda, also known as Bronze President, Camaro Dragon, Earth Preta, RedDelta, and Stately Taurus, has been linked to a cyber attack targeting a Philippines government entity.
– These attacks occurred in August 2023 and utilized legitimate software like Solid PDF Creator and SmadavProtect to sideload malicious files.
– The threat actors configured the malware to impersonate legitimate Microsoft traffic for command and control connections.
– Mustang Panda has been active since at least 2012 and has targeted NGOs and government bodies across North America, Europe, and Asia.
– In September 2023, the group was implicated in attacks on an unnamed Southeast Asian government, using a backdoor called TONESHELL.
– The recent campaigns employed spear-phishing emails with a malicious ZIP archive file containing a rogue DLL launched through DLL side-loading.
– The use of SmadavProtect is a known tactic utilized by Mustang Panda to bypass security solutions.
– South Korean APT actor Higaisa has also been targeting Chinese users through phishing websites mimicking well-known software applications such as OpenVPN.
– Higaisa's malware, once executed, drops and runs a Rust-based payload on the system, which triggers shellcode and establishes encrypted command-and-control communication with a remote threat actor.