
This dangerous APT has expanded its skills with some new tools - here's what we know


  • Mustang Panda upgrades CoolClient backdoor with new rootkit and expanded capabilities
  • New features include clipboard monitoring, proxy credential sniffing, and enhanced plugin ecosystem
  • Updated malware used against governments in Asia and Russia for espionage and data theft

Chinese state-sponsored hackers Mustang Panda have upgraded one of their backdoors with new capabilities, potentially making it more dangerous than ever.

Security researchers at Kaspersky recently spotted the backdoor, called CoolClient, being used in an attack that deployed a brand-new rootkit.

Mustang Panda is a known threat actor whose activities align perfectly with Chinese national interests: cyber-espionage, data theft, and persistent access. It has a large arsenal of custom tools, including backdoors, RATs, and rootkits. Among them is CoolClient, a backdoor that was first seen in 2022 and is usually deployed as a secondary backdoor alongside PlugX and LuminousMoth.

Copyright of this story solely belongs to techradar.com.