- Joined
- May 15, 2016
- Messages
- 10,357
- Likes
- 2,620
- Points
- 1,730
With the help of recommendations on the impact on Russia, China catches trusting users on the bait.
The Chinese government group Mustang Panda ( also known as Bronze President, Earth Preta, HoneyMyte, and Red Lich ) uses bait related to events in Ukraine, for espionage cyber attacks on facilities in Europe and the Asia-Pacific region ( APR ).
This was reported by the BlackBerry Research and Intelligence Team, which analyzed an archive RAR file called « Political Guide for the EU's new approach to Russia.rar ». Some of the target countries include Vietnam, India, Pakistan, Kenya, Turkey, Italy and Brazil.
.png)
The archive contains a shortcut to the Microsoft Word file, which uses the DLL Sideloading technique to run the PlugX RAT Trojan in memory before displaying the document.
Attack chains ultimately set 3 previously unknown PUBLOAD, TONENS, and TONESHELL backdoor forms that can load the payload of the next step and go unnoticed. TONESHELL, the main backdoor, is installed through TONENS and is a shell code loader.
The identified target phishing attacks of the group are aimed at the government, educational and research sectors in the Asia-Pacific region.
.png)
BlackBerry analyst Dmitry Bestuzhev said that the Mustang Panda attack chain still includes archive files, shortcuts and malicious bootloaders for the delivery of PlugX, but the delivery process itself is usually customized individually for each region, to lure the victim and perform a payload for espionage.
Cybercriminals constantly update their core toolkit using existing malware, and also develop their own tools for each new campaign. This notes the high level of resources, complexity and experience of Mustang Panda hackers.
__________________
The Chinese government group Mustang Panda ( also known as Bronze President, Earth Preta, HoneyMyte, and Red Lich ) uses bait related to events in Ukraine, for espionage cyber attacks on facilities in Europe and the Asia-Pacific region ( APR ).
This was reported by the BlackBerry Research and Intelligence Team, which analyzed an archive RAR file called « Political Guide for the EU's new approach to Russia.rar ». Some of the target countries include Vietnam, India, Pakistan, Kenya, Turkey, Italy and Brazil.
The archive contains a shortcut to the Microsoft Word file, which uses the DLL Sideloading technique to run the PlugX RAT Trojan in memory before displaying the document.
Attack chains ultimately set 3 previously unknown PUBLOAD, TONENS, and TONESHELL backdoor forms that can load the payload of the next step and go unnoticed. TONESHELL, the main backdoor, is installed through TONENS and is a shell code loader.
The identified target phishing attacks of the group are aimed at the government, educational and research sectors in the Asia-Pacific region.
BlackBerry analyst Dmitry Bestuzhev said that the Mustang Panda attack chain still includes archive files, shortcuts and malicious bootloaders for the delivery of PlugX, but the delivery process itself is usually customized individually for each region, to lure the victim and perform a payload for espionage.
Cybercriminals constantly update their core toolkit using existing malware, and also develop their own tools for each new campaign. This notes the high level of resources, complexity and experience of Mustang Panda hackers.
__________________