Chinese hackers have launched a broad campaign against international minority groups, nongovernmental organizations, and governments, distributing weaponized documents through email, cybersecurity researchers say.
Why it matters: The group, dubbed Mustang Panda, is an advanced persistent threat (APT) group, typically state-backed hackers involved in long-term clandestine espionage campaigns.
- The latest offensive has run since November 2018 and covers a wide range of governmental and private sector targets.
- China’s state-backed hackers often target countries and industries that are strategically important, including nations that form part of China’s Belt and Road Initiative and sectors aligned with the country’s technological development goals.
“The lure documents are themed to be relevant to their targets, and in some cases are copies of legitimate documents that are publicly available… The use of United Nations’ documents regarding activities in the Middle East may also be indicative of think-tank targeting.”
—Researchers at cybersecurity firm Anomali
Details: Anomali identified around 15 different documents created or used by Mustang Panda, which range from malicious files claiming to come from the Vietnam government to others that impersonate documents from religious organizations.
- Mustang Panda’s targets include the Shan Tai, a Southeast Asian minority group whose members are primarily Theravada Buddhists; the Communist Party of Vietnam; people interested in the United Nations’ Security Council Committee’s resolutions relating to the Islamic State in Iraq and the Levant; and China Zentrum, a German non-profit, among others.
- The researchers were able to link the campaign with Mustang Panda by analyzing tactics that both have in common.
- Anomali said that the distribution method of the documents has not been confirmed, though it is likely to be part of a spear-phishing campaign, an email scam that targets specific individuals or organizations.
Context: Mustang Panda’s broad range of targets is noteworthy since China’s APT groups are usually specific in their focus. For example, APT19 focuses on espionage in the legal and investment sectors, while APT40 typically targets Belt and Road nations.
- A number of these groups focus on sectors that China hopes to develop, with the primary goal of aiding in the country’s technological advancement. These groups have been accused of targeting foreign firms to steal intellectual property.
