Mustang Panda with SnakeDisk USB Worm

Mustang Panda, a notorious Chinese cyber espionage group, has been observed deploying a new USB worm named SnakeDisk. This malware propagates through USB devices, enabling the threat actors to infiltrate air-gapped networks and steal sensitive information. SnakeDisk leverages advanced techniques to evade detection and maintain persistence on infected systems. The campaign highlights the evolving tactics of Mustang Panda, emphasizing the risks posed by physical media in cybersecurity. Organizations must enhance their endpoint security and implement strict USB usage policies to mitigate such threats. This article delves into the technical details of SnakeDisk, its infection vectors, and the strategic implications for cybersecurity defenses against state-sponsored attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 15 Sep 2025 12:11:00 +0000


Cyber News related to Mustang Panda with SnakeDisk USB Worm

Chinese hackers abuse Microsoft APP-v tool to evade antivirus - The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. ...
7 months ago Bleepingcomputer.com Mustang Panda
CVE-2023-52528 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2024-56769 - In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in ...
9 months ago Tenable.com
CVE-2022-49936 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2025-38153 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2024-41097 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Mustang Panda - Mustang Panda is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. Mustang Panda has targeted government entities, nonprofits, religious, and other non-governmental ...
1 year ago Attack.mitre.org Mustang Panda
Mustang Panda Using New DLL Side-Loading Technique to Evade Detection - Mustang Panda, a known Chinese state-sponsored threat actor, has been observed employing a new DLL side-loading technique to enhance its stealth capabilities. This method involves loading malicious DLLs through legitimate applications, allowing the ...
8 hours ago Cybersecuritynews.com Mustang Panda
CVE-2023-52742 - In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a ...
1 year ago Tenable.com
CVE-2019-12042 - Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system ...
5 years ago
10 Best IT Asset Management Tools - 2025 - What is Good? What Could Be Better? Atera can seamlessly service and monitor Linux, Mac, and Windows systems. Sometimes, when deploying an update, patch management will fail. Using an administrator terminal, keep an eye on IT asset activity remotely. The ...
6 months ago Cybersecuritynews.com
CVE-2025-21916 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2025-38376 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2024-38565 - In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for ...
1 year ago Tenable.com
New TetrisPhantom hackers steal data from secure USB drives on govt systems - A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. Secure USB drives store files in an encrypted part of the device and are used to safely ...
1 year ago Bleepingcomputer.com Ragnar Locker
Self-Replicating Shai Hulud Worm Infects NPM Packages - The recent discovery of the self-replicating Shai Hulud worm targeting NPM packages marks a significant escalation in supply chain attacks within the software development ecosystem. This worm propagates by injecting malicious code into JavaScript ...
3 weeks ago Darkreading.com
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine - A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group. Malware researchers saw indications of ...
1 year ago Bleepingcomputer.com
CVE-2021-47472 - In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: Fix memory leak in __mdiobus_register Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it will cause memory leak. ...
1 year ago Tenable.com
CVE-2024-56687 - In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with ...
9 months ago Tenable.com
Linux USB Audio Driver Vulnerability Actively Exploited in the Wild Via Malicious USB - The USB-audio driver in the Linux kernel has an out-of-bounds access vulnerability that possibly enables an attacker with physical access to the system to use a malicious USB device to escalate privileges, modify system memory, or run arbitrary code. ...
5 months ago Cybersecuritynews.com
CVE-2021-47101 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2022-49298 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
