The Chinese hacker group Mustang Panda is stepping up its attacks on targets in Europe, Australia and Taiwan. Researchers at the IT security manufacturer ESET uncovered a campaign that is currently still running, in which the newly developed backdoor MQsTTang is used.
This allows attackers to execute any command on the victim's computer. The focus is on political and state organizations, above all a government institution in Taiwan. Mustang Panda has significantly increased its activities since Russia invaded Ukraine.
MQsTTang: Proof of rapid development cycle
MQsTTang is a simple backdoor that allows the attacker to run arbitrary commands on the victim's machine and capture the output. The malware uses the MQTT protocol for command and control communication. MQTT is typically used for communication between IoT devices and controllers. So far, the protocol has only been used in a few publicly documented malware families.
MQsTTang is distributed in RAR archives containing only a single executable file. These executables usually have filenames related to diplomacy and passports.
Learn more about MQsTTang
"Unlike most of the group's malware, MQsTTang does not appear to be based on existing malware families or publicly available projects," says ESET researcher Alexandre Côté Cyr, who discovered the ongoing campaign. “This new backdoor offers a sort of remote shell without all the bells and whistles associated with the other malware families in the group. However, it shows that Mustang Panda is exploring new technology stacks for its tools,” he explains. “It remains to be seen if this backdoor will become a recurring part of their arsenal. In any case, it is another example of the Group's rapid development and deployment cycle,” concludes Côté Cyr.
More at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.
2 thoughts on "Backdoor: Chinese hacker group attacks Europe"
Comments closed