CyberSecurityBoard
Sponsor Register Login

Mustang Panda Using New DLL Side-Loading Technique to Evade Detection

Mustang Panda, a known Chinese state-sponsored threat actor, has been observed employing a new DLL side-loading technique to enhance its stealth capabilities. This method involves loading malicious DLLs through legitimate applications, allowing the group to evade traditional detection mechanisms. The attack leverages a vulnerable legitimate executable to sideload a malicious DLL, which then executes the payload. This technique complicates detection and mitigation efforts, as the malicious activity is masked under trusted processes. Mustang Panda's continued innovation in attack strategies highlights the evolving threat landscape and the need for advanced detection solutions. Organizations are advised to monitor for unusual DLL loading behaviors and implement strict application whitelisting policies. This development underscores the importance of proactive threat intelligence and continuous monitoring to defend against sophisticated cyber espionage campaigns.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 08 Oct 2025 20:45:39 +0000


Cyber News related to Mustang Panda Using New DLL Side-Loading Technique to Evade Detection

Mustang Panda Using New DLL Side-Loading Technique to Evade Detection - Mustang Panda, a known Chinese state-sponsored threat actor, has been observed employing a new DLL side-loading technique to enhance its stealth capabilities. This method involves loading malicious DLLs through legitimate applications, allowing the ...
5 hours ago Cybersecuritynews.com Mustang Panda
Chinese hackers abuse Microsoft APP-v tool to evade antivirus - The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. ...
7 months ago Bleepingcomputer.com Mustang Panda
Mustang Panda Employs Using Weaponized RAR Archives to Install New ToneShell Malware - The threat actor has been observed utilizing weaponized RAR archives containing malicious DLLs alongside legitimate signed executables to deploy updated variants of ToneShell malware through DLL sideloading techniques. Security researchers have ...
5 months ago Cybersecuritynews.com Mustang Panda
Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS - As we know, Dynamic-link library(DLL) Side loading / DLL Hijacking is nothing new, nor is Windows Side-by-Side; however, side loading is handy from an adversarial tradecraft perspective, be it for establishing initial access, persistence, privilege ...
1 year ago Blog.zsec.uk Equation
CVE-2005-2127 - Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for ...
6 years ago
Hackers Employ DLL Side-Loading To Deliver Malicious Python Code - DLL side-loading exploits the Windows DLL search order mechanism, where attackers place malicious DLL files in locations where legitimate applications will load them instead of the intended legitimate libraries. The technique enables attackers to ...
6 months ago Cybersecuritynews.com
Threat Actors Exploiting DLL Side-Loading Vulnerability in Google Chrome to Execute Malicious Payloads - Cybersecurity researchers have identified a concerning new attack vector where threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 through DLL side-loading techniques. This sophisticated attack allows ...
6 months ago Cybersecuritynews.com
Attackers Can Bypass Windows Security Using New DLL Hijacking - Threat actors using the DLL Hijacking technique for persistence have been the order of the day and have been utilized in several attacks. This attack method allows bypassing the privilege requirement for executing certain malicious codes on the ...
1 year ago Cybersecuritynews.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
Mustang Panda with SnakeDisk USB Worm - Mustang Panda, a notorious Chinese cyber espionage group, has been observed deploying a new USB worm named SnakeDisk. This malware propagates through USB devices, enabling the threat actors to infiltrate air-gapped networks and steal sensitive ...
3 weeks ago Cybersecuritynews.com Mustang Panda
10 Best IT Asset Management Tools - 2025 - What is Good?What Could Be Better?Atera can seamlessly service and monitor Linux, Mac, and Windows systems.Sometimes, when deploying an update, patch management will fail.Using an administrator terminal, keep an eye on IT asset activity remotely.The ...
6 months ago Cybersecuritynews.com
Mustang Panda - Mustang Panda is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. Mustang Panda has targeted government entities, nonprofits, religious, and other non-governmental ...
1 year ago Attack.mitre.org Mustang Panda
CVE-2025-4455 - A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library ...
4 months ago
Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets - Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In this article, we'll describe some of the tactics used by ...
1 year ago Unit42.paloaltonetworks.com
CVE-2019-12042 - Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system ...
5 years ago
China-Linked CeranaKeeper Targeting Southeast Asia with Data Exfiltration - The attacks are characterized by the use of malware families such as TONESHELL, TONEINS, and PUBLOAD – all attributed to the Mustang Panda group – while also making use of an arsenal of never-before-seen tools to aid data exfiltration. ...
1 year ago Thehackernews.com Mustang Panda
New DLL Search Order Hijacking Technique Targets WinSxS Folder - A new DLL search order hijacking technique allows adversaries to load and execute malicious code in applications within Windows' WinSxS folder, incident response company Security Joes reports. Typically, DLL search order hijacking abuses applications ...
1 year ago Securityweek.com
New Stealthy Malware 'Waiting Thread Hijacking' Technique Bypasses Modern Defenses - Unlike traditional thread hijacking, which requires suspending and resuming threads using easily monitored APIs like SuspendThread and ResumeThread, WTH targets threads already in a waiting state, eliminating the need for suspicious thread ...
5 months ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections - Security researchers have outlined a fresh variant of a dynamic link library search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and ...
1 year ago Cysecurity.news
Weaponized DeepSeek Installers Delivers Sainbox RAT and Hidden Rootkit - The fake installer drops three critical files: a legitimate executable named “Shine.exe,” a malicious DLL masquerading as “libcef.dll” (a legitimate Chromium Embedded Framework library), and a data file called ...
3 months ago Cybersecuritynews.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
6 months ago Cybersecuritynews.com
10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
6 months ago Cybersecuritynews.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
6 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)