Chinese hackers are switching to new malware for government attacks

The infamous Mustang Panda threat actor is reportedly using FDMTP malware to steal info


Chinese state-sponsored threat actor Mustang Panda (also known as LuminousMoth, Camaro Dragon, HoneyMyte, and more) has been found launching malware campaigns against high-value targets, including government agencies in Asia.

The group used a variant of the HIUPAN worm to deliver PUBLOAD malware into the networks of its targets via removable drives. The HIUPAN worm moved all of its files into a hidden directory to obscure its presence, leaving only one seemingly legitimate file (“USBConfig.exe”) visible to trick the user.
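The removable-drive layout described above suggests a simple triage check for defenders. This is an added example, not code from the report or the article: it scans a mounted drive root for the pattern of a single visible executable beside executables tucked into hidden directories, using a constructed directory tree in place of a real drive (the `.sys` directory name and the payload file names are assumptions).

```python
import stat
import tempfile
from pathlib import Path
from typing import Dict

LURE_NAME = "USBConfig.exe"       # the visible decoy named in the report
EXEC_SUFFIXES = {".exe", ".dll"}  # DLL side-loading needs a host EXE plus a DLL

def is_hidden(path: Path) -> bool:
    """Dot-prefixed name (POSIX) or the Windows FILE_ATTRIBUTE_HIDDEN flag."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))

def scan_removable_root(root: Path) -> Dict[str, object]:
    """Flag a drive whose only visible item is an executable while
    hidden directories hold further executables or DLLs."""
    root = Path(root)
    entries = list(root.iterdir())
    visible = [p for p in entries if not is_hidden(p)]
    hidden_dirs = [p for p in entries if p.is_dir() and is_hidden(p)]
    visible_execs = [p for p in visible
                     if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES]
    hidden_execs = sorted(
        p.relative_to(root).as_posix()
        for d in hidden_dirs for p in d.rglob("*")
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES)
    return {
        "suspicious": len(visible) == 1 and bool(visible_execs) and bool(hidden_execs),
        "lure_name_match": any(p.name.lower() == LURE_NAME.lower() for p in visible_execs),
        "hidden_executables": hidden_execs,
    }

def demo(layout: str = "worm") -> Dict[str, object]:
    """Build a constructed drive image in a temp dir and scan it.
    'worm' mirrors the reported layout; 'benign' is an ordinary USB stick."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "usb"
        if layout == "worm":
            (root / ".sys").mkdir(parents=True)
            (root / ".sys" / "loader.dll").write_bytes(b"MZ")   # hidden DLL (constructed)
            (root / ".sys" / "payload.dat").write_bytes(b"\x00")  # hidden data (constructed)
            (root / LURE_NAME).write_bytes(b"MZ")               # the one visible file
        else:
            root.mkdir(parents=True)
            (root / "report.docx").write_bytes(b"PK")
            (root / "setup.exe").write_bytes(b"MZ")
        return scan_removable_root(root)
```

Point `scan_removable_root` at a real mount point to check a drive; the heuristic is a triage signal, not proof of infection.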

PUBLOAD served as the primary control tool for the campaign, used to collect data and send it to the threat actor’s remote server. PTSOCKET was often used as an alternative data exfiltration tool.

A familiar story

An investigation by Trend Micro outlines the advancement in malware deployment by Mustang Panda, especially in its use against military, government, and education agencies in the APAC region.

This is a change from recent reports that the organization was using WispRider variants to execute similar DLL sideloading techniques through USB drives. The previous campaign is said to have infected devices around the world, including in the UK, Russia, and India.

The group was also linked to a spear phishing campaign in June of this year, demonstrating its capabilities in exploiting Microsoft’s cloud services and leveraging multi-stage downloaders. The group remains highly active in the cyber landscape, and looks set to continue for the foreseeable future.

This is one of many suspected Chinese state-sponsored attacks in recent times, with campaigns against a range of targets, including Russian government devices compromised by phishing attacks.

Via BleepingComputer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.