Feb 21, 2024NewsroomMalware / Cyber Espionage The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only … [Read more...] about Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
Panda
Falcon Complete MDR Thwarts VANGUARD PANDA Tradecraft
VANGUARD PANDA Background On May 24, 2023, industry and government sources detailed China-nexus activity in which the threat actor dubbed Volt Typhoon targeted U.S.-based critical infrastructure entities. CrowdStrike Intelligence tracks this actor as VANGUARD PANDA. Since at least mid-2020, the CrowdStrike Falcon® Complete managed detection and response (MDR) team and the … [Read more...] about Falcon Complete MDR Thwarts VANGUARD PANDA Tradecraft
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
Mar 08, 2023Ravie LakshmananAdvanced Persistent Threat High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the group's attack chains … [Read more...] about Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in … [Read more...] about Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware
AQUATIC PANDA in Possession of Log4Shell Exploit Tools
Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others. Adversarial behavior … [Read more...] about AQUATIC PANDA in Possession of Log4Shell Exploit Tools
Turbine Panda, China’s Spies & Passenger Jets
Rarely in the infosec industry do cyber investigators get the luxury of knowing the full scope of their adversary’s campaign — from tasking to actual operations, all the way to completion. The oft-repeated mantra “attribution is hard” largely stands true. Short of kicking down the door just as a cyber actor pushes enter, it is frustratingly hard to prove who is responsible for … [Read more...] about Turbine Panda, China’s Spies & Passenger Jets
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
Threat Research By Christopher Evans and David Liebenberg. A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor we’ve ever seen, but it still has been one of … [Read more...] about Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”