Chinese hackers have launched a broad campaign against international minority groups, nongovernmental organizations, and governments, distributing weaponized documents through email, cybersecurity researchers say.
Why it matters: The group, dubbed Mustang Panda, is an advanced persistent threat (APT) group, a label typically applied to state-backed hackers engaged in long-term clandestine espionage campaigns.
- The latest offensive has run since November 2018 and covers a wide range of governmental and private sector targets.
- China’s state-backed hackers often target countries and industries that are strategically important, including nations that form part of China’s Belt and Road Initiative and sectors aligned with the country’s technological development goals.
“The lure documents are themed to be relevant to their targets, and in some cases are copies of legitimate documents that are publicly available… The use of United Nations’ documents regarding activities in the Middle East may also be indicative of think-tank targeting.”
—Researchers at cybersecurity firm Anomali
Details: Anomali identified around 15 different documents created or used by Mustang Panda, ranging from malicious files claiming to come from the Vietnamese government to others that impersonate documents from religious organizations.
- Mustang Panda's targets include the Shan Tai, a Southeast Asian minority group whose members are primarily Theravada Buddhists; the Communist Party of Vietnam; people interested in the United Nations Security Council Committee's resolutions relating to the Islamic State in Iraq and the Levant; and China Zentrum, a German non-profit, among others.
- The researchers were able to link the campaign with Mustang Panda by analyzing tactics that both have in common.
- Anomali said that the distribution method of the documents has not been confirmed, though it is likely to be part of a spearphishing campaign, an email attack that targets specific individuals or organizations.
Context: Mustang Panda’s broad range of targets is noteworthy since China’s APT groups are usually specific in their focus. For example, APT19 focuses on espionage in the legal and investment sectors, while APT40 typically targets Belt and Road nations.
- A number of these groups focus on sectors that China hopes to develop, with the primary goal of aiding in the country’s technological advancement. These groups have been accused of targeting foreign firms to steal intellectual property.