New Mustang Panda attacks targeting TP-Link routers

Chinese state-sponsored advanced persistent threat group Mustang Panda, also known as Earth Preta, Bronze President, Camaro Dragon, HoneyMyte, RedDelta, BASIN, and Red Lich, has launched new attacks exploiting TP-Link routers to compromise European foreign affairs organizations since January, according to The Hacker News. Check Point researchers have hypothesized that Mustang Panda may have leveraged known flaws and conducted brute-force attacks to infect TP-Link routers with the custom Horse Shell backdoor, which enables arbitrary shell command execution, file uploads and downloads to and from the router, and inter-client communications. Residential and home network devices are believed to have been targeted and integrated by Horse Shell to a mesh network, while the malware's use of a SOCKS tunnel for communications has been helping avert attack detection, the report noted. "The discovery is yet another example of a long-standing trend of Chinese threat actors to exploit internet-facing network devices and modify their underlying software or firmware," said researchers.