ISPs and Diplomats Targeted by New Mustang Panda Hacking Campaign

Mustang Panda, a threat actor reportedly related to China, has been waging a harmful campaign with a new version of the Korplug malware known as Hodur and custom loaders for a period of at least eight months, according to security specialists.

Who Is Mustang Panda and What Is Korplug Malware?

Mustang Panda, also known as TA416, was reported to support China-aligned purposes and has recently been linked to phishing and espionage activities aimed at European diplomats.

Korplug is a proprietary virus used widely, but not solely, by this threat actor. It was initially uncovered in a 2020 investigation that looked into Chinese threat actors’ activities against Australian targets.

How Does the Mustang Panda Hacking Campaign Work?

ESET researchers published a report on how this Mustang Panda hacking campaign unfolds. Mustang Panda employs phishing lures with counterfeit papers to target European embassies, ISPs (Internet Service Providers), and research institutes in the most recent known campaign, as experts from ESET underline.

As of March 2022, this campaign is still ongoing and goes back to at least August 2021. Known victims include research entities, internet service providers, and European diplomatic missions. The compromise chain includes decoy documents that are frequently updated and relate to

Read More: