
Mustang Panda bolsters stealth capabilities


Chinese state-sponsored advanced persistent threat operation Mustang Panda, also known as Earth Preta, RedDelta, Bronze President, Red Lich, and HoneyMyte, has strengthened its techniques for evading detection by security solutions, The Hacker News reports. Mustang Panda commonly opens its attacks with spear-phishing, with malicious payloads usually concealed within fake documents made to look legitimate, but the attackers have slightly updated the technique to embed the archive's download link in a decoy document with password protection in an effort to bypass email security systems, according to a Trend Micro report. Mustang Panda then uses its custom CCPASS and ABPASS tools in a bid to evade User Account Control on Windows 10, and after the malware has been distributed it deploys other utilities to facilitate the deletion of event logs. "Earth Preta is a capable and organized threat actor that is continuously honing its TTPs, strengthening its development capabilities, and building a versatile arsenal of tools and malware," said researchers.
