The Chinese hacker group Mustang Panda is stepping up its attacks on targets in Europe, Australia and Taiwan. Researchers from the IT security vendor ESET uncovered an ongoing campaign that uses the newly developed backdoor MQsTTang, which allows the attackers to execute arbitrary commands on the victim's computer. The focus is on political and governmental organizations, especially a government institution in Taiwan. Since Russia's invasion of Ukraine, Mustang Panda has significantly increased its activities.
MQsTTang: Proof of rapid development cycle
MQsTTang is a simple backdoor that allows the attacker to execute arbitrary commands on the victim's machine and capture the output. The malware uses the MQTT protocol for command and control communication. MQTT is typically used for communication between IoT devices and controllers. To date, the protocol has only been used in a few publicly documented malware families.
MQsTTang is distributed in RAR archives that contain only a single executable file. These executables usually have filenames related to diplomacy and passports.
“Unlike most of the group's malware, MQsTTang does not appear to be based on existing malware families or publicly available projects,” says ESET researcher Alexandre Côté Cyr, who discovered the ongoing campaign. “This new backdoor provides a sort of remote shell without all the bells and whistles associated with the group's other malware families. But it shows that Mustang Panda is exploring new technology stacks for its tools,” he explains. “It remains to be seen whether this backdoor will become a recurring part of their arsenal. In any case, it is another example of the group’s rapid development and deployment cycle,” concludes Côté Cyr.
Further information about MQsTTang from the hacker group Mustang Panda
Detailed technical information can be found in the blog post “MQsTTang: New backdoor from the Mustang Panda Group, based on Qt and MQTT” on WeLiveSecurity.
Source:
Press release

