- Aug 17, 2014
Security analysts have uncovered a malicious campaign from China-linked threat actor Mustang Panda, which has been running for at least eight months with a new variant of the Korplug malware called Hodur and custom loaders.
Also tracked as TA416, Mustang Panda is known to serve China-aligned interests and has recently been associated with phishing and espionage operations that targeted European diplomats.
Korplug is custom malware used extensively, but not exclusively, by this particular threat actor. It was first exposed in a 2020 report that examined the activity of Chinese hackers against Australian targets.
In the latest known campaign, analyzed by cybersecurity company ESET, Mustang Panda focuses on European diplomats, ISPs (Internet Service Providers), and research institutes, using phishing lures with decoy documents.
An ongoing Mustang Panda campaign that started at least eight months ago has been uncovered by threat analysts, who also managed to sample and analyze custom malware loaders and a new Korplug variant.