Python-Based Malware Slithers Into Systems via Legit VS Code

  • October 2, 2024

Jasper_The_Rasper
Moderator

 

The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines.

 

October 2, 2024 By Elizabeth Montalbano

 

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ultimately uses Visual Studio Code (VS Code) to distribute Python-based malware that gives attackers unauthorized and persistent remote access to infected machines.

Researchers from Cyble Research and Intelligence Lab (CRIL) discovered the campaign, which spreads an .lnk file disguised as a legitimate setup file to download a Python distribution package. In reality, it's used to run a malicious Python script. The attack relies upon the use of VS Code, which, if not present on the machine, will be deployed via the installation of the VS Code command line interface (CLI) by the attacker, the researchers noted in analysis published Oct. 2.

 

>>Full Article<<