ESET researchers have uncovered an ongoing campaign by the cyber espionage group Mustang Panda. The group is notorious for attacking government institutions, companies and research institutes. In the current case, the APT (Advanced Persistent Threat) group is attacking organizations in Asia, Sudan, South Africa, Cyprus and Greece.
The victims are lured into a trap with phishing emails that focus on Russia's invasion of Ukraine.
Other lures used in the emails included a COVID-19 travel restriction, an approved regional aid map for Greece and a European Parliament regulation. Anyone who fell for the lure opened the door to the Hodur malware.
The malware embeds itself on the computer and enables the attackers to spy on the victim systems. The campaign shows that the attackers follow current events and address their targets with tailored topics.
“Due to the code similarities and the many similarities in tactics, techniques and procedures, we most likely attribute this campaign to Mustang Panda, also known as TA416, RedDelta or PKPLUG,” says Alexandre Côté Cyr, ESET researcher. The APT group's campaigns often use custom loaders for shared malware such as Cobalt Strike, Poison Ivy, and Korplug (also known as PlugX). “The group is also known to have created their own Korplug variants. Compared to other campaigns that use them, obfuscation techniques are used at every stage,” Côté Cyr explains.
Who is Mustang Panda?
Mustang Panda is a cyber espionage group that primarily targets government institutions, corporations and research institutes. Their victims are mostly, but not exclusively, located in East and Southeast Asia, with a focus on Mongolia. The group already drew attention to itself in 2020 with an attack on the Vatican.
The analysis of the current campaign by Mustang Panda and the Hodur malware is available on WeLiveSecurity.
Source: ESET

