The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023.
“Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects,” ESET researcher Alexandre Côté Cyr said in a new report.
Attack chains orchestrated by the group have stepped up targeting of European entities in the wake of Russia’s full-scale invasion of Ukraine last year. The victimology of the current activity is unclear, but the Slovak cybersecurity company said the decoy filenames are in line with the group’s previous campaigns that target European political organizations.
That said, ESET also observed attacks against unknown entities in Bulgaria and Australia, as well as a governmental institution in Taiwan, indicating a broader focus on Europe and Asia.
Mustang Panda has a history of using a remote access trojan dubbed PlugX for achieving its objectives, although recent intrusions have seen the group expanding its malware arsenal to include custom tools like TONEINS, TONESHELL, and PUBLOAD.
images from Hacker News