ESET researchers have uncovered an ongoing phishing email campaign by the cyber-espionage group Mustang Panda, which is notorious for attacking government institutions, companies and research institutes.
In the current case, the APT (Advanced Persistent Threat) group is attacking organizations in Asia, Sudan, South Africa, Cyprus and Greece. The victims are lured into the trap with phishing e-mails about the Russian invasion of Ukraine. Other topical lures in the e-mails included a COVID-19 travel restriction, an approved assisted area map for Greece and a European Parliament regulation. Recipients who fell for the lure opened the way for the Hodur malicious code, which embeds itself on the computer and enables the attackers to spy on the victim systems. The campaign shows that the attackers follow current events and address their targets with tailored topics. ESET researchers have published their analysis of Hodur on WeLiveSecurity.
About the current campaign
"Due to the code similarities and the many commonalities in tactics, techniques and procedures, we have a high probability of attributing this campaign to Mustang Panda, also known as TA416, RedDelta or PKPLUG," says Alexandre Côté Cyr, ESET researcher. The APT group's campaigns often use custom loaders for shared malware such as Cobalt Strike, Poison Ivy, and Korplug (aka PlugX). "The group is also known to have created their own variants of Korplug. Compared to other campaigns that use them, obfuscation techniques are used at every stage," explains Côté Cyr.
Mustang Panda phishing emails
Mustang Panda is a cyber espionage group that mainly targets government institutions, corporations, and research institutions. Their victims are mostly, but not exclusively, located in East and Southeast Asia, with a focus on Mongolia. The group drew attention to itself in 2020 with an attack on the Vatican.
About ESET
ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.