"Chinese Hackers Use New Custom Backdoor to Evade Detection"

The Chinese cyber espionage group known as Mustang Panda was observed delivering a new custom backdoor called 'MQsTTang.' Mustang Panda is an Advanced Persistent Threat (APT) group known to target enterprises globally with data theft attacks involving customized variants of the PlugX malware. The group is also tracked as TA416 and Bronze President. The new MQsTTang backdoor does not appear to be based on existing malware, suggesting that it was likely created to evade detection and make attribution more difficult. Researchers from ESET identified MQsTTang in a campaign that began in January 2023 and is ongoing. The campaign targets political and government organizations throughout Europe and Asia, with a particular emphasis on Taiwan and Ukraine. The malware is distributed via spear-phishing emails, and the payloads are downloaded from GitHub repositories created by a user linked to prior Mustang Panda campaigns. The malware is an executable compressed inside RAR archives with diplomacy-themed names. This article continues to discuss findings regarding the new MQsTTang backdoor.

Bleeping Computer reports "Chinese Hackers Use New Custom Backdoor to Evade Detection"
