🇨🇳 Chinese APT Mustang Panda (TA416) is back, targeting European governments, EU & NATO missions with updated tactics. Campaigns use phishing links, abuse MSBuild, and deploy PlugX malware for espionage. #APT #MustangPanda #CyberSecurity #China
~Zscaler~
A China-nexus group, likely Mustang Panda, is using Middle East conflict lures to deploy the PlugX backdoor in the Persian Gulf.
-
IOCs: 91. 193. 17. 117, www. 360printsol. com
-
#MustangPanda #PlugX #ThreatIntel
🚨Mustang Panda has rolled out a new CoolClient variant with browser credential theft and clipboard monitoring. Kaspersky links it to targeted espionage via trusted software and multi-stage loaders, signaling an evolution in China-aligned tradecraft. #APT #China #CyberEspionage #MUSTANGPANDA
📢🔍⚠️Chinese-linked Mustang Panda hackers used fake diplomatic briefings to target officials with spyware.
Read: hackread.com/chinese-must...
#CyberSecurity #China #MustangPanda #CyberAttack #Phishing
The APTs That Defined 2025 open.substack.com/pub/malwhere...
#APT #China #Russia #DPRK #Iran #ThreatIntel #CyberSecurity #SaltTyphoon #FlaxTyphoon #MustangPanda #APT17 #APT28 #APT29 #Sandworm #LazarusGroup #Kimsuky #APT42
Mustang Panda intensifies cyber espionage with updated COOLCLIENT backdoor, targeting governments in Asia and Russia. Stay informed on evolving cyber threats. #CyberSecurity #MustangPanda #COOLCLIENT Link: thedailytechfeed.com/mustang-pand...
Mustang Panda Deploys Infostealers
Read More: buff.ly/3zu0sii
#MustangPanda #APT #ChinaLinked #CyberEspionage #Infostealer #Malware #ThreatActors #NationState #Infosec
Chinese #MustangPanda hackers deploy infostealers via #CoolClient #backdoor
www.bleepingcomputer.com/news/security/chinese-mu...
#China #infostealer #cybersecurity
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor reconbee.com/chinese-must...
#chinese #china #mustangpanda #infostealers #CoolClientbackdoor #cyberattack
📢⚠️ The China-linked notorious Mustang Panda group is using a #Venezuela related news lure to deliver the #LOTUSLITE backdoor against US govt targets in a cyberespionage campaign.
Read: hackread.com/mastang-pand...
#CyberSecurity #China #MustangPanda #Malware
Chinese cyber group Mustang Panda targets U.S. policy experts with LOTUSLITE backdoor via Venezuela-themed phishing. Stay vigilant! #CyberSecurity #MustangPanda #LOTUSLITE #Phishing Link: thedailytechfeed.com/chinese-cybe...
Full report:
www.technadu.com/chinese-spie...
Do you think geopolitical phishing lures are becoming harder to detect? Comment your opinion.
#CyberEspionage #PhishingCampaign #ThreatActors #MustangPanda #GovernmentCybersecurity #InfoSec
~Sophos~
MITRE's 2025 ATT&CK evaluation emulated TTPs for threat actors SCATTERED SPIDER and MUSTANG PANDA.
-
IOCs: kingslanding-it[. ]net, kingslanding-hr[. ]com
-
#MUSTANGPANDA #SCATTEREDSPIDER #ThreatIntel
Mustang Panda Uses Signed Rootkit
Read More: buff.ly/jrfVltj
#MustangPanda #ChinaAPT #SignedRootkit #TONESHELL #CyberEspionage #AdvancedPersistentThreat #ThreatIntel #NationStateCyber #EndpointEvasion
HoneyMyte aka Mustang Panda is using a signed rootkit to drop the #ToneShell backdoor in ongoing attacks, hiding its activity from security tools and giving attackers remote access to the system.
Read: hackread.com/honeymyte-mu...
#CyberSecurity #HoneyMyte #MustangPanda #Malware
HoneyMyte APT (also known as Mustang Panda, Bronze President) uses a kernel-mode rootkit to implant the TONESHELL backdoor, attacking government systems in Asia.
#China #Malware #APT #MustangPanda #HoneyMyte
thehackernews.com/2025/12/must...
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor reconbee.com/mustang-pand...
#mustangpanda #kernel #rootkit #TONESHELLbackdoor #TONESHELL #CybersecurityNews #cyberattack
It looks like #MustangPanda has picked up a new callback execution method for shellcode via RtlRegisterWait 🤨
Previously, they relied on popular callback execution methods like EnumSystemGeoID, EnumUILanguages, etc. This entire campaign feels like an anniversary update for MiniPlug
~Sophos~
Analysis of realistic emulations of SCATTERED SPIDER (cloud pivot) and MUSTANG PANDA (PlugX, TONESHELL) attack chains.
-
IOCs: kingslanding-it[. ]net, kingslanding-hr[. ]com
-
#MUSTANGPANDA #SCATTEREDSPIDER #ThreatIntel
#mustangpanda #apt e46df5e79880777c4a01ab370bb6f4f3d8d51c57ac0dfdbb9c7370199f363508
SCAN_BC_TH_1389.zip
China-linked group Mustang Panda used a Windows .LNK zero-day (CVE-2025-9491) to spear-phish European diplomats and drop PlugX, researchers warn. Stay vigilant. TechRadar+1
#CyberSecurity #MustangPanda #ZeroDay #PlugX #DeepThreat #InfoSec #DigitalDiplomacy
arcticwolf.com/resources/bl...
Good overview of recent suspected #MustangPanda activity in Europe.
Chinese APTs exploit zero-day vulnerabilities in VMware and Windows for espionage against European systems and diplomats, with CISA alerts and PlugX malware.
#apt #china #cisa #MustangPanda #PlugX #unc5174 #vmware #Windows #zeroday
www.matricedigitale.it/2025/10/31/a...
Mustang Panda employs advanced DLL side-loading to target Tibetan advocacy groups. Stay vigilant against sophisticated phishing campaigns. #PotatoSecurity #APT #MustangPanda Link: thedailytechfeed.com/mustang-pand...
Mustang Panda employs advanced DLL side-loading to target Tibetan advocacy groups. Stay vigilant against sophisticated phishing campaigns. #CyberSecurity #APT #MustangPanda Link: thedailytechfeed.com/mustang-pand...
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs reconbee.com/mustang-pand...
#MustangPanda #Snakedisk #USB #Yokaibackdoor #ThailandIPs #cyberattacks