Numerous countries across Asia, including Taiwan, Vietnam, India, Japan, and China, have been targeted by the Chinese state-backed advanced persistent threat group Mustang Panda, also known as Earth Preta, Camaro Dragon, Bronze President, TA416, and Stately Taurus, in attacks involving the advanced DOPLUGS backdoor, a variant of the PlugX malware, reports The Hacker News.
Unlike the basic PlugX backdoor, DOPLUGS has been integrated with a separate launcher that enables an executable to perform DLL sideloading, while also facilitating command execution and next-stage malware deployment, according to a report from Trend Micro. Some DOPLUGS samples were also found to include the KillSomeOne module, which enables USB-based malware delivery and data exfiltration. These findings come months after Lab52 researchers reported that Taiwanese government and political organizations had been targeted with DOPLUGS, which was noted to use a unique RC4 implementation for decrypting the PlugX payload. Moreover, Avira had previously observed attacks against Hong Kong and Vietnam involving a PlugX backdoor variant with the KillSomeOne module.
There has been no evidence that individuals associated with the Biden campaign responded to the unsolicited emails, according to the agencies, which noted that the hackers have also provided U.S. media organizations with Trump campaign-related information.
After establishing trust with targets via spear-phishing emails purporting to offer senior- or manager-level job openings at high-profile companies, UNC2970 proceeded to deliver a malicious ZIP file masquerading as a job description, an analysis from Google Cloud's Mandiant revealed.
More than 260,000 devices, most of them located in the U.S., have been part of the Mirai-based botnet, which has been controlled by the Integrity Technology Group using IP addresses belonging to the China Unicom Beijing Province Network.