Mustang Panda APT Group Resumes Malware Attacks After Holiday
Chinese state-sponsored attackers have resumed targeting organizations involved in diplomatic relations. The cyberattacks targeted entities associated with diplomatic relations between the Vatican and the Chinese Communist Party, organizations in Myanmar, and diplomatic groups in Africa. The attackers are the Chinese state-sponsored advanced persistent threat (APT) group TA416, also tracked as “Mustang Panda” and “RedDelta.”
The new attacks occurred on the heels of an agreement reached between the Vatican and the Chinese Communist Party. The attackers used social engineering as well as spoofed emails that impersonated journalists from the Union of Catholic Asian News.
The renewed cyberattacks occurred between September 16 and October 10, 2020. This period included the Chinese holiday known as National Day and the unofficial vacation period that follows it, “Golden Week.”
The goal of Mustang Panda’s attacks is to deliver PlugX malware with the objective of carrying out cyber espionage.
“After nearly a month of inactivity following publications by threat researchers, Proofpoint analysts have identified limited signs of renewed phishing activity that can be attributed to the Chinese APT group TA416,” say cyber security researchers at Proofpoint.
Since APT TA416 was last detected, the attackers have changed their tools and tactics to help evade automated detection by security professionals.
“Continued activity by TA416 demonstrates a persistent adversary making incremental changes to documented toolsets so that they can remain effective in carrying out espionage campaigns against global targets,” says Proofpoint.