Organizations in Europe and the Asia Pacific are being targeted by the Chinese state-sponsored hacking group Mustang Panda, also known as Earth Preta, HoneyMyte, Bronze President, Red Lich, and RedDelta, with phishing lures related to the ongoing war between Russia and Ukraine, The Hacker News reports.
Mustang Panda's latest campaign involves the delivery of phishing emails containing a decoy archive with a Microsoft Word file that uses DLL side-loading to trigger PlugX execution in memory, according to a report from BlackBerry.
"Their attack chain remains consistent with the continued use of archive files, shortcut files, malicious loaders, and the use of the PlugX malware, although their delivery setup is usually customized per region/country to lure victims into executing their payloads in the hope of establishing persistence with the intent of espionage," said BlackBerry researcher Dmitry Bestuzhev, who added that there was no overlap between the attacks and those reported by Trend Micro last month.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.