

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol.

ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace back to early January 2023.

In a departure from the group’s usual tactics, MQsTTang has only a single stage and doesn’t use any obfuscation techniques. Mustang Panda is known for its customized Korplug variants (also dubbed PlugX) and elaborate loading chains. Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects.

We have seen unknown entities in Bulgaria and Australia in our telemetry. We also have information indicating that this campaign is targeting a governmental institution in Taiwan. However, due to the nature of the decoy filenames used, we believe that political and governmental organizations in Europe and Asia are also being targeted.
