Mustang Panda Targets Asian Government Entities


Security researcher Yoshihiro Ishikawa discovered new activity associated with the threat actor Mustang Panda, which is delivering malicious ZIP files containing a new malware, Claimloader. So far, the campaign has targeted the Philippine government and other related entities. However, based on the file name used, "The US-Japan-Philippines Security Triangle: Enhancing Maritime Security, Shared Strategic Outlooks, and Defense Cooperation," the campaign could be repurposed to target Japan as well. Claimloader initiates DLL sideloading when the compressed file is executed. The malware can establish persistence by creating a scheduled task and adding itself to the Run registry key. Claimloader runs shellcode to communicate with the attacker's command and control (C2) server.
