Mustang Panda APT Group Launches New Campaign with MQsTTang Backdoor
Cybersecurity experts at ESET have discovered a new campaign by the Mustang Panda advanced persistent threat (APT) group. The campaign, active since early January 2023, has seen a surge in activity in Europe following Russia's invasion of Ukraine. The group is employing a new custom backdoor, MQsTTang, for espionage purposes.
The MQsTTang backdoor is distributed in RAR archives, each containing a single executable. The filenames relate to diplomacy and passports, which points to the kind of organizations being targeted. ESET's telemetry shows that unknown entities in Bulgaria and Australia have been affected. The malware uses the MQTT protocol for command-and-control (C2) communication, a rarity among publicly documented malware families.
The Mustang Panda group, linked to China, has targeted European and Asian organizations, including government ministries, foreign affairs departments, embassies, geopolitical entities, and military operations. A governmental institution in Taiwan is also being targeted. Based on the decoy filenames used, ESET researchers believe political and governmental organizations in Europe and Asia are potential targets.
The Mustang Panda APT group's use of the MQsTTang backdoor underscores its ongoing efforts to gather intelligence. Organizations, particularly in the political and governmental sectors, should remain vigilant and implement robust cybersecurity measures to protect against such threats.