Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware

EXECUTIVE SUMMARY

• Since at least 2019, the Mustang Panda threat actor group has targeted government and public sector organizations across Asia and Europe [3] with long-term cyberespionage campaigns in line with strategic interests of the Chinese government.


• In November 2022, Mustang Panda shifted from using archive files to using malicious optical disc image (ISO) files containing a shortcut (LNK) file to deliver the modified version of PlugX malware. This switch increases the evasion against anti-malware solutions [2].


• The Mustang …

actor apt archive asia campaigns chinese chinese government cyberespionage disc europe european commission executive files government iso lnk malicious malware mustang panda november organizations panda plugx plugx malware public public sector sector strategic threat threat actor version