top of page
Clipeus

Mustang Panda Targeting Of the Philippines

Palo Alto Unit 42 reported an espionage campaign attributed to the Chinese state-sponsored actor Mustang Panda. The campaign took place in August 2023 and targeted the Philippines in a timeframe consistent with the escalation of tension in the South China Sea between Beijing and Manila. The attacker leveraged quite interesting TTPs consistent with the delivery of an archived folder containing legitimate versions of software such as Solid PDF Creator and the Indonesian antivirus SmadavProtect; however, the same folder included a hidden dynamic link library used to side-load malware. Evasion techniques included impersonating Microsoft traffic for command-and-control. The event is consistent with China-linked espionage activities across the region.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page