"China-Aligned APT Is Exploring New Technology Stacks for Malicious Tools"

Researchers at ESET have analyzed MQsTTang, a custom backdoor they attribute to the China-aligned Advanced Persistent Threat (APT) group Mustang Panda. The backdoor is a component of an ongoing campaign that ESET researchers can trace back to early January 2023. The researchers have observed unidentified targets in Bulgaria and Australia, and they have information indicating that Mustang Panda is targeting a government institution in Taiwan. Based on the decoy filenames used in the campaign, political and governmental institutions in Europe and Asia are suspected to be targets as well. The Mustang Panda campaign is ongoing, and the group's activities in Europe have escalated since Russia invaded Ukraine. In contrast to most of the group's malware, MQsTTang does not appear to be based on existing families, according to ESET researcher Alexandre Côté Cyr, who found the campaign. The new backdoor delivers a remote shell without the additional features included in the group's other malware families, showing that Mustang Panda is exploring new technology stacks for its tools. It remains unclear whether this backdoor will become a standard part of the group's arsenal, but it is yet another indication of the group's continuous advancement. This article continues to discuss findings from the analysis of the custom backdoor MQsTTang that has been attributed to the Mustang Panda APT group.

Help Net Security reports "China-Aligned APT Is Exploring New Technology Stacks for Malicious Tools"
