China APT group using Russia invasion, COVID-19 in phishing attacks

A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers (ISPs) and research institutions via phishing lures that refer to Russia’s invasion of Ukraine and COVID-19 travel restrictions.

The ongoing campaign was first seen in August 2021 and is being tied to Mustang Panda – a Chinese APT unit also known as TA416, RedDelta and PKPLUG – due to similar code and common tactics, techniques and procedures used by the group in the past, according to researchers with the cybersecurity firm ESET.

Mustang Panda is known for targeting governmental entities and non-governmental organizations (NGOs), with most of its victims being in East and Southeast Asia.

Source: The Register