Myanmar's Ministries of Defence and Foreign Affairs are suspected to have been compromised by the Chinese state-backed advanced persistent threat operation Mustang Panda, also known as Earth Preta, Camaro Dragon, Bronze President, and Stately Taurus, in separate attack campaigns this month and in November, reports The Hacker News.
Mustang Panda's initial attacks involved a phishing email carrying an executable, which used a meeting with Myanmar's National Defence and Security Council as a lure to deliver the PUBLOAD loader, which would then deploy the PlugX malware, a report from CSIRT-CTI revealed. Attackers also sought to distribute PlugX in this month's campaign, which involved the spread of an optical disc image triggering the TONESHELL loader.
Both campaigns were noted to be similar to attacks by Mustang Panda against Asian and European entities last February.
"Following the rebel attacks in northern Myanmar [in October 2023], China has expressed concern regarding its effect on trade routes and security around the Myanmar-China border... Stately Taurus operations are known to align with geopolitical interests of the Chinese government, including multiple cyberespionage operations against Myanmar in the past," said the report.
Change Healthcare attack linked to state-backed threat actors

Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, according to its parent firm UnitedHealth Group, TechCrunch reports.