September 9, 2024 By Bill Toulas
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks.
Researchers found that the hackers are using a variant of the HIUPAN worm to deliver the PUBLOAD malware stager through removable drives on the network.
Mustang Panda (also known as HoneyMyte/Bronze President/Earth Preta/Polaris/Stately Taurus) is a Chinese state-backed hacker group that focuses on cyberespionage operations against government and non-government entities, mostly in Asia-Pacific, but organizations in other regions are also within its target scope.
Worm-based attack chain
Mustang Panda typically uses spear-phishing emails as the initial access vector, but in a report published today, researchers at cybersecurity company Trend Micro say that new attacks from the threat actor spread PUBLOAD on the network through removable drives infected with a variant of the HIUPAN worm.

Source: Trend Micro