According to a report by ESET, the China-aligned hacking group Mustang Panda has been using a previously unseen custom backdoor named MQsTTang in an ongoing social engineering campaign since January 2023. Unlike the group's usual malware, MQsTTang does not appear to be based on existing families or publicly available projects. The group has been increasing its attacks on European entities since Russia’s invasion of Ukraine in 2022. The victimology of the current activity is not yet clear, but ESET has noted that the decoy filenames used in the attacks are consistent with the group's previous campaigns targeting European political organisations. However, ESET has also observed attacks against unknown entities in Bulgaria and Australia, as well as a governmental institution in Taiwan, suggesting that the group's focus is broader and extends to Europe and Asia. It is important for organisations in these regions to be aware of this ongoing campaign and take necessary steps to protect their networks and systems against such attacks.

