Chinese “Mustang Panda” Hackers Spotted Deploying New “Hodur” Malware
NERC Releases Fourth Episode of Compliance Podcast “Currently Compliant”
March 25, 2022WECC’s Reliability & Security Virtual Workshop Materials Available
March 25, 2022
Summary:
A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyber espionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines. Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021. Mustang Panda, also known as TA416, HoneyMyte, RedDelta, or PKPLUG, is a cyber espionage group that's primarily known for targeting non-governmental organizations with a specific focus on Mongolia. The latest campaign, which dates back to at least August 2021, makes use of a compromise chain featuring an ever-evolving stack of decoy documents pertaining to the ongoing events in Europe and the war in Ukraine.
Additional Discussion:
Link:
