Mustang Panda Targets Europe
Cisco Talos has tracked activity from the Chinese threat actor Mustang Panda, which has targeted U.S., Asian, and European entities, in addition to Russian organizations. The group's phishing campaign has used themes drawn from COVID-19, political matters, and current events. Activity from this campaign was observed in February 2022, coinciding with the start of the conflict between Russia and Ukraine. Some phishing themes have reported on the border situations in Ukraine and Belarus. The malware deployed in the campaign is PlugX, a remote access trojan. The activity involves the use of multiple shells and beacons, and the group's goal in these campaigns is to conduct espionage. The group's observed tactics, techniques, and procedures include a benign executable used to initiate DLL sideloading, a malicious DLL loader, the PlugX implant, and various stagers and reverse shells.