Russia-Ukraine conflict exploited in Mustang Panda campaign

Chinese state-sponsored hacking group Mustang Panda, also known as RedDelta, HoneyMyte, or Bronze President, has been leveraging phishing lures related to the ongoing Russian invasion of Ukraine in malware attacks against Russian and European entities, reports CyberScoop. Cisco Talos Intelligence Group researchers discovered that Mustang Panda has been using a Russian-titled English-language document for PlugX malware delivery, which was first identified by SecureWorks Counter Threat Unit researchers, but found that the group has opted to reduce remote URLs for malware hosting and deployment. Mustang Panda was also observed using a Ukrainian-themed phishing lure spoofing Ukraine's National Security and Defense Council to attack unnamed targets in February, researchers said.

"Over the years, Mustang Panda has evolved their tactics and implants to target a wide range of entities spanning multiple governments in three continents, including the European Union, the U.S., Asia and pseudo allies such as Russia. Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves," researchers wrote.
