Chinese spies used Maduro's capture as a lure to phish US govt agencies


What policy wonk wouldn't want to click on an attachment promising to unveil US plans for Venezuela? Chinese cyberspies used just such a lure to target US government agencies and policy-related organizations in a phishing campaign that began just days after an American military operation captured Venezuelan President Nicolás Maduro.

Acronis Threat Research Unit discovered the campaign after finding a zip file named "US now deciding what's next for Venezuela" uploaded in early January to VirusTotal. It contained a legitimate executable and a hidden, DLL-based backdoor called Lotuslite.

This combination, along with other factors such as infrastructure and technical overlaps, helped the security sleuths attribute the phishing campaign with "moderate confidence" to a Beijing-backed espionage crew called Mustang Panda (aka UNC6384, Twill Typhoon).

US law enforcement and cyber agents have tracked Mustang Panda for years, and blamed the snoops for breaking into "numerous government and private organizations" in ...


Copyright of this story solely belongs to theregister.co.uk.