Mustang Panda

Mustang Panda is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. Mustang Panda has targeted government entities, nonprofits, religious, and other non-governmental organizations in the U.S., Europe, Mongolia, Myanmar, Pakistan, and Vietnam, among others.

This Cyber News was published on attack.mitre.org. Publication date: Thu, 07 Dec 2023 22:12:07 +0000


Cyber News related to Mustang Panda

Chinese hackers abuse Microsoft APP-v tool to evade antivirus - The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. ...
1 month ago Bleepingcomputer.com Mustang Panda
Mustang Panda - Mustang Panda is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. Mustang Panda has targeted government entities, nonprofits, religious, and other non-governmental ...
1 year ago Attack.mitre.org Mustang Panda
CVE-2019-12042 - Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system ...
4 years ago
10 Best IT Asset Management Tools - 2025 - What is Good?What Could Be Better?Atera can seamlessly service and monitor Linux, Mac, and Windows systems.Sometimes, when deploying an update, patch management will fail.Using an administrator terminal, keep an eye on IT asset activity remotely.The ...
2 days ago Cybersecuritynews.com
Python-Based Malware Slithers Into Systems via Legit VS Code - "The [threat actor (TA)] leverages a [VS Code] tool to initiate a remote tunnel and retrieve an activation code, which the TA can use to gain unauthorized remote access to the victim’s machine," according to the blog post about the ...
6 months ago Darkreading.com Mustang Panda
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration - The attacks are characterized by the use of malware families such as TONESHELL, TONEINS, and PUBLOAD – all attributed to the Mustang Panda group – while also making use of an arsenal of never-before-seen tools to aid data exfiltration. ...
6 months ago Thehackernews.com Mustang Panda
China-Backed APT Group Culling Thai Government Data - Analysis showed CeranaKeeper was using components common with the known Chinese-backed APT group Mustang Panda, in addition to fresh tools for undermining legitimate file-sharing services, including Pastebin, Dropbox, OneDrive, and GitHub. An ...
6 months ago Darkreading.com Mustang Panda
Deep Panda - Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. The intrusion into healthcare company Anthem has been attributed to Deep Panda. This group is also ...
1 year ago Attack.mitre.org APT1 APT19 Deep Panda
Safe shopping this sales season - Whether it's to avoid queuing, save time or simply to avoid the frustration from going to the shop and not finding what you were looking for, online shopping is the most popular shopping method in today's society. That's why we want to give you some ...
1 year ago Pandasecurity.com
CVE-2024-8424 - Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before ...
4 months ago Tenable.com
China State-Sponsored Spies Hack Site and Target User Systems in Asia - Users of a Tibetan language translation app and website visitors to a Buddhist festival were compromised by a focused watering-hole malware connected to a Chinese threat group. According to recent data from ESET, the so-called Evasive Panda hacking ...
1 year ago Cysecurity.news GALLIUM
ESET APT Activity Report T3 2022 - ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, ...
2 years ago Welivesecurity.com MuddyWater Mustang Panda POLONIUM
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations - Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a ...
1 year ago Thehackernews.com Mustang Panda
CVE-2021-26750 - DLL hijacking in Panda Agent <1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 < 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. ...
3 years ago
CVE-2016-3943 - Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by ...
3 years ago
CVE-2018-0644 - Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ...
6 years ago
Aquatic Panda - Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, Aquatic Panda has primarily targeted entities in the telecommunications, technology, and ...
1 year ago Attack.mitre.org Aquatic Panda
CVE-2007-1673 - unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. ...
6 years ago
LuminousMoth - LuminousMoth is a Chinese-speaking cyber espionage group that has been active since at least October 2020. LuminousMoth has targeted high-profile organizations, including government entities, in Myanmar, the Philippines, Thailand, and other parts of ...
1 year ago Attack.mitre.org LuminousMoth Mustang Panda
China-aligned CeranaKeeper Makes A Beeline For Thailand - The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication ...
6 months ago Informationsecuritybuzz.com Mustang Panda
Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents - A previously unidentified Chinese espionage group has managed to breach at least 70 organizations across 23 countries, including 48 in the government space, despite using rather standard-fare tactics, techniques, and procedures. Fitting such a ...
1 year ago Darkreading.com CVE-2023-32315 CVE-2022-21587 BlackTech Mustang Panda Volt Typhoon
Hackers Exploited Palo Alto’s Firewall Vulnerability to Deploy RA World Ransomware - In a significant cybersecurity breach, attackers exploited a critical vulnerability in Palo Alto Networks’ PAN-OS firewall software (CVE-2024-0012) to deploy the RA World ransomware. The attack, which occurred in late 2024, targeted a ...
1 month ago Cybersecuritynews.com CVE-2024-0012 Mustang Panda
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - ClearSky Cyber Security has uncovered a user interface (UI) vulnerability in Microsoft Windows that is currently being exploited by a sophisticated threat actor known as Mustang Panda, a group believed to be affiliated with Chinese state interests. ...
1 month ago Cybersecuritynews.com Mustang Panda
Earth Preta Abuse Microsoft Application Virtualization Injector To Inject Malicious Payloads - Advanced Persistent Threat (APT) group Earth Preta (a.k.a. Mustang Panda) has been observed weaponizing the Microsoft Application Virtualization Injector (MAVInject.exe) to bypass security software and implant backdoors in government systems across ...
1 month ago Cybersecuritynews.com Mustang Panda
Chinese Hackers Using New Bookworm Malware In Attacks Targeting Southeast Asia - Analysts at Palo Alto Networks’ Unit 42 detected that these files, often disguised as policy documents or meeting agendas (“analysis of the third meeting of ndsc.zip”), deploy a loader called PubLoad that mimics Microsoft Windows Update ...
1 month ago Cybersecuritynews.com Mustang Panda

Latest Cyber News


Cyber Trends (last 7 days)