Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Geo Focus: Asia

Chinese APT Group Deploying New Malware Backdoor

Mustang Panda Using MQsTTang Tool to Target Victims in Asia and Europe, Eset Finds
Chinese APT Group Deploying New Malware Backdoor

Chinese nation-state hackers are using a previously unseen malware backdoor as part of the latest campaign targeting governmental organizations in Europe and Asia, a new report by security firm Eset finds.

See Also: Europe in the Crosshairs: China's Semiconductor Threat Poses IP Risk

The new backdoor, dubbed MQsTTang by Eset researchers, is being deployed by hacking group Mustang Panda as part of an ongoing spear-phishing campaign that began in January, specifically targeting government organizations in Ukraine and Taiwan.

According to the report, the new backdoor uses an MQTT protocol to facilitate communication between IoT devices as its command-and-control servers, making it the first-ever known case of the protocol's application being detected in malware.

"From an attacker's perspective, one of MQTT's benefits is that it hides the rest of their infrastructure behind a broker," the report says. "Thus, the compromised machine never communicates directly with the C&C server."

The malware is currently being spread as RAR files that are hosted on a web server, the report adds. Once deployed, the malware then performs a range of tasks, such as establishing a connection with the command-and-control server and establishing persistence.

Eset researchers are unclear about the motive behind this campaign, but they say it could be "trial and error" use by Mustang Panda to test the new tool. The report also says not many versions of the latest malware have been spotted in the wild.

Mustang Panda, also known as Bronze President and HoneyMyte, is a Chinese threat group that is known to target government organizations for cyberespionage activities.

According to a recent alert from security firm CrowdStrike, the group is among a host of Chinese nation-state groups that are now exploiting zero-days and other vulnerabilities to target U.S. organizations (see: Chinese State Hackers Level Up Their Abilities: CrowdStrike).


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.