Organizations in Europe and the Asia Pacific are being targeted by Chinese state-sponsored hacking group Mustang Panda, also known as Earth Preta, HoneyMyte, Bronze President, Red Lich, and RedDelta with phishing lures related to the ongoing war between Russia and Ukraine, The Hacker News reports.
Mustang Panda's latest campaign involves the delivery of phishing emails containing a decoy archive with a Microsoft Word file that uses DLL side-loading to trigger PlugX execution in memory, according to a report from BlackBerry.
"Their attack chain remains consistent with the continued use of archive files, shortcut files, malicious loaders, and the use of the PlugX malware, although their delivery setup is usually customized per region/country to lure victims into executing their payloads in the hope of establishing persistence with the intent of espionage," said BlackBerry researcher Dmitry Bestuzhev, who added that there was no overlap between the attacks and those reported by Trend Micro last month.