Chinese advanced persistent threat group RedDelta has conducted attacks using a new PlugX malware variant against Taiwan, Mongolia, Cambodia, Myanmar, and Vietnam from July 2023 to December 2024, The Hacker News reports.
Attacks by RedDelta — also known as Mustang Panda, Earth Preta, Camaro Dragon, Bronze President, and HoneyMyte — begin with spear-phishing emails that use Mongolian flood protection, Taiwanese presidential candidate Terry Gou, and an Association of Southeast Asian Nations meeting as lures, and that carry malicious MSI, MSC, and LNK files to deliver the PlugX malware, according to an analysis from Recorded Future's Insikt Group. Further analysis of the intrusions revealed communications between 10 admin servers and two command-and-control servers previously linked to RedDelta. "The group's Asia-focused targeting in 2023 and 2024 represents a return to the group's historical focus after targeting European organizations in 2022. RedDelta's targeting of Mongolia and Taiwan is consistent with the group's past targeting of groups seen as threats to the Chinese Communist Party's power," said researchers.