Chinese hackers are switching to new malware for government attacks
Chinese state-sponsored threat actor Mustang Panda (also known as LuminousMoth, Camaro Dragon, HoneyMyte, and more), has been found launching malware campaigns against high value targets, including government agencies in Asia.
The group used a variant of the HIUPAN worm to deliver PUBLOAD malware into the networks of its targets via removable drives. The HIUPAN worm moved all its files into a hidden directory to obscure its presence, and left only one seemingly legitimate file visible (“USBConfig.exe”) to trick the user.
The PUBLOAD tool was used as the primary control for the campaign, used to exfiltrate data and send to the threat actor’s remote server. PTSOCKET was often used as an alternative data extraction tool.
A familiar story
An investigation by TrendMicro outlines the advancement in the malware deployment from Mustang Panda, especially in the use against military, government, and education agencies in the APAC region.
This is a change from the recent reports the organization was using WispRider variants to execute similar DLL sideloading techniques through USB drives. The previous campaign is said to have infected devices around the world, including in the UK, Russia, and India.
The group was also linked to a spear phishing campaign in June of this year, demonstrating its capabilities in exploiting Microsoft’s cloud services and leveraging multi-stage downloaders. The group remains highly active in the cyber landscape, and looks set to continue for the foreseeable future.
This is one of many suspected Chinese state-sponsored attacks in recent times, with campaigns against a range of targets, including Russian government devices compromised by phishing attacks.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via BleepingComputer
More from TechRadar Pro
Chinese state-sponsored threat actor Mustang Panda (also known as LuminousMoth, Camaro Dragon, HoneyMyte, and more), has been found launching malware campaigns against high value targets, including government agencies in Asia. The group used a variant of the HIUPAN worm to deliver PUBLOAD malware into the networks of its targets via…
Recent Posts
- The best laptop deals we found for Amazon Prime Day
- The best Prime Day deals you can get on some of our home office go-tos
- The best Prime Day deals under $50 in the final hours of Amazon’s Big Deal Days
- 25 Best Amazon Prime Day Hair Tool Deals to Shop Right Now (2024)
- The best headphone and earbud deals on day two of Amazon Prime Day
Archives
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- September 2018
- December 2011