Tech »  Topic »  Chinese hackers are switching to new malware for government attacks

Chinese hackers are switching to new malware for government attacks


Chinese state-sponsored threat actor Mustang Panda (also known as LuminousMoth, Camaro Dragon, HoneyMyte, and more), has been found launching malware campaigns against high value targets, including government agencies in Asia.

The group used a variant of the HIUPAN worm to deliver PUBLOAD malware into the networks of its targets via removable drives. The HIUPAN worm moved all its files into a hidden directory to obscure its presence, and left only one seemingly legitimate file visible ("USBConfig.exe") to trick the user.

The PUBLOAD tool was used as the primary control for the campaign, used to exfiltrate data and send to the threat actor’s remote server. PTSOCKET was often used as an alternative data extraction tool.

A familiar story

An investigation by TrendMicro outlines the advancement in the malware deployment from Mustang Panda, especially in the use against military, government, and education agencies in the APAC region.

This is a ...


Copyright of this story solely belongs to techradar.com . To see the full text click HERE