Mustang Panda
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. According to Kaspersky researchers, the malware has also been used to deploy a previously unseen rootkit. However, a technical analysis will be provided in a future report. CoolClient has […]
Taiwan says China’s attacks on its energy sector increased tenfold
The National Security Bureau in Taiwan says that China’s attacks on the country’s energy sector increased tenfold in 2025 compared to the previous year. A report from the agency highlights that attackers targeted critical infrastructure in nine key sectors, and the total number of cyber incidents linked to China grew by 6%. The emergency rescue […]
Chinese state hackers use rootkit to hide ToneShell malware activity
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. The backdoor has been attributed to the Mustang Panda group, also known as HoneyMyte or Bronze President, that usually targets government agencies, NGOs, think tanks, and other high-profile organizations worldwide. Security researchers at Kaspersky […]
Silk Typhoon hackers hijack network captive portals in diplomat attacks
State-sponsored hackers linked to the Silk Typhoon activity cluster targeted diplomats by hijacking web traffic to redirect to a malware-serving website. The hackers used an advanced adversary-in-the-middle (AitM) technique to hijack the captive portal of the network and send the target to the first-stage malware. Google Threat Intelligence Group (GTIG) tracks the threat actor as UNC6384 and, based […]
Chinese hackers abuse Microsoft APP-v tool to evade antivirus
The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. This technique was discovered by threat researchers at Trend Micro, who track the threat group as Earth Preta, reporting that they have verified over […]
FBI wipes Chinese PlugX malware from over 4,000 US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. The malware, controlled by the Chinese cyber espionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a wormable component that allowed it to […]
Chinese hackers use new data theft malware in govt attacks
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. Researchers found that the hackers are using a variant of the HIUPAN worm to deliver the PUBLOAD malware stager through removable […]