BleepingComputer reports that Chinese state-sponsored advanced persistent threat operation Mustang Panda, also known as Bronze President and TA416, has leveraged the new "MQsTTang" custom backdoor in an ongoing campaign that commenced in January.
Most attacks with the new MQsTTang backdoor, which were facilitated through spear-phishing emails, have been aimed at Ukrainian and Taiwanese government and political organizations, although other entities in Europe and Asia have also been targeted, an ESET report revealed. Researchers noted that MQsTTang is not based on previous malware, potentially in a bid to bypass detection. It allows remote command execution on targeted machines and uses the MQTT protocol to communicate with the command-and-control server.
"This new MQsTTang backdoor provides a kind of remote shell without any of the bells and whistles associated with the group's other malware families," said ESET.
Mustang Panda's new campaign did not involve the PubLoad, ToneShell, and ToneIns malware strains leveraged in an operation from March to October 2022.
Novel custom Mustang Panda backdoor leveraged in attacks