This week, Cisco Talos Intelligence Group reported that it had discovered a new attack campaign by the threat actor Mustang Panda, also known as Bronze President, RedDelta, and TA416. The group focuses primarily on Europe when conducting its espionage attacks. According to security researchers, the attacks originate from China and emphasize espionage. The group has existed since at least 2012 and has targeted companies and organizations across the world, including think tanks, NGOs, and governmental entities.
In March, ESET researchers published a report stating that Mustang Panda was leveraging a previously undocumented variant of PlugX, a remote access trojan (RAT) that the threat actors have used for many years. The RAT was reportedly being used via phishing documents related to the war between Ukraine and Russia. The threat actor has capitalized on the situation between Ukraine and Russia to conduct more successful attacks. In one instance, the group disguised a phishing email as a report on the situation along European borders with Ukraine, luring targets who were interested in the situation to click on malicious links.
Read More: New Mustang Panda campaign targets Europe