Skip to main content

Tag: mustang panda

4 articles

Laptop in government office with blurred screen and papers nearby.

Mustang Panda Exploits Zoho WorkDrive in Indian Government Attacks

Meet the sneaky hackers known as Mustang Panda, who've been using a clever trick to steal sensitive info from Indian government machines - by hiding in plain sight within legitimate cloud traffic on Zoho WorkDrive. Their covert operation went undetected for 10 days, blending in seamlessly with routine cloud activity.

Analyst 207
Rows of computer workstations and monitors display code and network diagrams in a brightly-lit cybersecurity research…

Mustang Panda Unveils Modular FDMTP Backdoor in Cyberespionage Push

Cyberespionage groups like Mustang Panda are constantly evolving their tactics, and a recent campaign has seen the emergence of a modular backdoor that allows attackers to adapt and persist in compromised environments. This sophisticated tool enables hackers to blend in with legitimate processes, making it a major concern for security experts.

Analyst 207
Office building lobby with blurred security camera and people walking, hint of network connection on screen.

Mustang Panda Deploys Updated FDMTP Backdoor in Asia-Pacific Espionage

A sophisticated espionage campaign has been targeting organizations across Asia-Pacific and Japan for months, with researchers linking the activity to the notorious China-aligned group Mustang Panda with moderate confidence. The group's tactics may evolve, but their execution model remains eerily consistent.

Analyst 207
Laptop screen displays code with cityscape visible through window in background.

Mustang Panda Expands LOTUSLITE Malware to Target India, Korea

Meet the evolved LOTUSLITE backdoor, now wielding dynamic DNS-based command-and-control over HTTPS, enabling its operators to remotely access and manipulate targeted systems for espionage purposes. This sophisticated malware supports remote shell access, file operations, and session management, a potent toolkit for data collection and access persistence.

Analyst 207