Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials

A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works.

In a targeted operation running between late December 2025 and mid-January 2026, government officials and international diplomats were hit by a quiet but effective cyber attack. Security researchers at the firm Dream found that hackers from the China-backed Mastag Panda group (aka HoneyMyte) were masquerading as US and international bodies, using fake documents to trick high-level targets into installing surveillance tools.

A Trap Built on Credibility

The campaign, details of which were shared exclusively with Hackread.com, relied on a simple disguise rather than high-tech software vulnerabilities. Attackers sent out emails that looked like standard diplomatic mail, with subject lines about policy updates or internal briefings.

These documents were designed to look like the authoritative summaries typically shared by the United States after high-level meetings. Because these ...