New Mustang Panda hacking campaign targets diplomats, ISPs


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Security analysts have uncovered a malicious campaign from China-linked threat actor Mustang Panda, which has been running for at least eight months with a new variant of the Korplug malware called Hodur and custom loaders.

Also tracked as TA416, Mustang Panda is known to serve China-aligned interests and has been recently associated with phishing and espionage operations that targeted European diplomats.

Korplug is a custom malware used extensively but not exclusively by this particular threat actor, first exposed in a 2020 report that examined the activity of Chinese hackers against Australian targets.

In the latest known campaign, analyzed by cybersecurity company ESET, Mustang Panda focuses on European diplomats, ISPs (Internet Service Providers), and research institutes, using phishing lures with decoy documents.


Level 5
Mar 13, 2022

China-linked Mustang Panda APT group targets entities in Asia, the European Union, Russia, and the US in a new wave of attacks.