Network Security, Application security, Threat Intelligence

VSCode exploitation conducted in new Mustang Panda attacks

Share
Chinese cyber threat

Attacks exploiting Visual Studio Code software for initial network compromise have been deployed by Chinese advanced persistent threat operation Mustang Panda against Southeast Asian government organizations, reports The Hacker News.

Mustang Panda — also known as Earth Preta, Camaro Dragon, HoneyMyte, RedDelta, Bronze President, Red Lich, and BASIN — leveraged the embedded reverse shell functionality of Visual Studio Code to facilitate command execution, file creation, and malware distribution, as well as reconnaissance and data exfiltration activities, an analysis from Palo Alto Networks Unit 42 revealed. Additional command execution and network dissemination have also been enabled by the utilization of OpenSSH, according to researchers, who also observed another activity cluster involving the ShadowPad malware targeted at similar endpoints. "Based on the forensic evidence and timeline, one could conclude that these two clusters originated from the same threat actor (Stately Taurus). However, there could be other possible explanations that can account for this connection, such as a collaborative effort between two Chinese APT threat actors," said researcher Tom Fakterman.

VSCode exploitation conducted in new Mustang Panda attacks

Mustang Panda leveraged the embedded reverse shell functionality of Visual Studio Code to facilitate command execution, file creation, and malware distribution, as well as reconnaissance and data exfiltration activities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.