The group known as Mustang Panda has targeted European and Russian organizations since the beginning of the war in Ukraine.

Mustang Panda, a China-based threat actor also known as ‘RedDelta’ or ‘Bronze President,’ has carried out a series of phishing campaigns against European and Russian organizations since February 2022.

According to a report by Cisco Talos, some phishing messages contain documents masquerading as official European Union reports on the conflict in Ukraine and its effects on NATO countries. Threat actors also imitated official Ukrainian reports on Russia’s war.

Interestingly enough, while Russia boasted of the ‘truly unprecedented nature’ of Russo-Chinese relations, China-based threat actors have no qualms about targeting Russian organizations with malware.

According to the report, Mustang Panda targeted Russian agencies, trying to lure victims with information on political events in Eastern Europe. Researchers noted that in one instance the threat actors used a fake report on a town bordering China and Russia.

“The attackers also started taking advantage of publications and documents related to the degrading relations between Ukraine and Russia. In late January, the group started spreading a lure containing PlugX that disguised itself as a report from the EU’s general secretary,” reads the report.

Once Russia invaded Ukraine on February 24, hackers started using fake documents that appeared to be related to the war in Ukraine.

A document first spotted on February 28 imitated a report on the situation along European borders with Ukraine, while another document distributed in March pretended to cover European borders with Belarus.

When opened, the fake reports download malware onto the victim's machine.

The report’s authors note that China-based hackers employed tailor-made campaigns to target potential victims in the US as well as Asia.

“Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves,” write the report’s authors.

The group focuses on non-governmental entities all over the world. Since 2012, its members have mostly targeted European and American organizations, think tanks, and NGOs.

