The Cyber Security News
New Backdoor MQsTTang Attributed to Mustang Panda Group

March 3, 2023

Security researchers from ESET have identified a new custom backdoor they dubbed MQsTTang and attributed it to the advanced persistent threat (APT) group known as Mustang Panda.

Writing in an advisory published on March 2, 2023, ESET malware researcher Alexandre Côté Cyr explained that the new backdoor is part of an ongoing campaign the company traced back to early January.

“Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects.”


Côté Cyr also highlighted that while Mustang Panda is known for its Korplug variants (AKA PlugX) and elaborate loading chains, MQsTTang is a relatively simple piece of malware.

“In a departure from the group’s usual tactics, MQsTTang has only a single stage and doesn’t use any obfuscation techniques,” the malware expert wrote. It is also distributed in RAR archives that only contain a single executable.

“These archives are hosted on a web server with no associated domain name. This fact, along with the filenames, leads us to believe that the malware is distributed via spear phishing.”

As the name implies, the backdoor leverages the Message Queuing Telemetry Transport (MQTT) protocol, typically used for communication between IoT devices and their controllers, for C&C communication.

“One of MQTT’s advantages is that it hides the rest of [its] infrastructure behind a broker. Thus, the compromised machine never communicates directly with the C&C server,” Côté Cyr wrote.
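Because the compromised host talks only to a broker, a defender's visible signal is the MQTT CONNECT handshake itself rather than the C&C server's address. The following is an added example (not ESET's code, and unrelated to MQsTTang's own implementation) that parses an MQTT 3.1.1 CONNECT packet from raw bytes and flags one sent by a host that is not an expected MQTT client; the sample packet, the host addresses and the allowlist are constructed for illustration.

```python
import struct

CONNECT = 1  # MQTT control packet type carried in the high nibble of byte 0

def remaining_length(buf, pos):
    """Decode MQTT's variable-length 'remaining length' field at buf[pos]."""
    value, multiplier = 0, 1
    while True:
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:          # continuation bit clear: last byte
            return value, pos
        multiplier *= 128
        if multiplier > 128 ** 3:    # the spec allows at most 4 bytes
            raise ValueError("malformed remaining length")

def utf8_string(buf, pos):
    """Decode a 2-byte big-endian length-prefixed UTF-8 string at buf[pos]."""
    (length,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + length].decode("utf-8"), pos + length

def parse_connect(packet):
    """Return the CONNECT header fields, or None if this is not a CONNECT."""
    if not packet or packet[0] >> 4 != CONNECT:
        return None
    remaining, pos = remaining_length(packet, 1)
    if len(packet) - pos != remaining:
        raise ValueError("truncated or padded packet")
    proto, pos = utf8_string(packet, pos)          # "MQTT" for v3.1.1 and v5
    level, flags = packet[pos], packet[pos + 1]    # protocol level, connect flags
    (keepalive,) = struct.unpack_from(">H", packet, pos + 2)
    client_id, _ = utf8_string(packet, pos + 4)    # payload starts with client ID
    return {"protocol": proto, "level": level, "flags": flags,
            "keepalive": keepalive, "client_id": client_id}

def build_connect(client_id, keepalive=60):
    """Constructed sample: minimal MQTT 3.1.1 CONNECT (remaining length < 128)."""
    cid = client_id.encode("utf-8")
    body = (b"\x00\x04MQTT" + bytes([4, 0x02]) + struct.pack(">H", keepalive)
            + struct.pack(">H", len(cid)) + cid)
    return bytes([CONNECT << 4, len(body)]) + body

IOT_HOSTS = {"10.0.50.11", "10.0.50.12"}  # constructed: hosts expected to use MQTT

def flag_connect(src_host, packet, allowlist=IOT_HOSTS):
    """Flag a CONNECT sent by a host that is not an expected MQTT client."""
    info = parse_connect(packet)
    return info if info is not None and src_host not in allowlist else None
```

Feeding the parser with TCP payloads from a sensor (on the default port 1883 or elsewhere) turns workstation-originated MQTT CONNECTs into a reviewable alert, which is the anomaly a broker-fronted C&C channel still leaves behind.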

Concerning targets, the researcher said Mustang Panda used the new backdoor against unknown entities in Australia and Bulgaria, as well as a governmental institution in Taiwan.

“However, due to the nature of the decoy filenames used, we believe that political and governmental organizations in Europe and Asia are also being targeted,” read the ESET advisory, adding that the group previously targeted organizations in the EU region.

The research comes two after the EU Agency for Cybersecurity (ENISA) released a publication warning member states about several Chinese APTs, including Mustang Panda.


Some parts of this article are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.