Be Careful! The APT Mustang Panda Group Should Not Be Underestimated

HoneyMyte aka Mustang Panda has adopted a different technique to carry out attacks. (photo: doc. unsplash )

JAKARTA - An Advanced Persistent Group (APT) that has been active for several years, HoneyMyte aka Mustang Panda has adopted different techniques to carry out attacks over the past few years, and has focused on various targeting profiles.

A recent report from cybersecurity firm Kaspersky published last July revealed that a group of activities has carried out cyber-espionage attacks against government entities in Myanmar and the Philippines since at least October 2020.

While initially focusing their attention on Myanmar, threat actors have shifted their focus to the Philippines. They usually get an initial foothold in the system via spear-phishing emails with a Dropbox download link.

Once clicked, this link downloads a RAR archive disguised as a Word document that contains a malicious payload. Once downloaded on the system, the malware tries to infect other hosts by spreading via removable USB drives. If the drive is found, the malware creates a hidden directory on the drive, where it then moves all of the victim's files, along with the malicious executable.

Kaspersky experts attribute this activity dubbed LuminousMoth, which is closely related to threat group HoneyMyte, a well-known Chinese-language threat actor, long-established, with moderate to high confidence.

HoneyMyte is primarily interested in gathering geopolitical and economic intelligence in Asia and Africa. For example, in a previous attack carried out from mid-2018, this threat actor used PlugX implants, as well as a multi-stage PowerShell script resembling CobaltStrike. The campaign targets government entities in Myanmar, Mongolia, Ethiopia, Vietnam, and Bangladesh.

Based on targeting government organizations in Asia and Africa, Kaspersky assesses that one of HoneyMyte's main motivations is gathering geo-political and economic intelligence.

There are many ways an organization can stay safe from such attacks. Kaspersky experts suggest as compiled by VOI, Monday, September 13.

Provide your staff with basic cybersecurity hygiene training, as many targeted attacks begin with phishing or other social engineering techniques Perform cybersecurity audits of your network and fix vulnerabilities found on the perimeter or within the network. Installs anti-APT and EDR solutions, enabling timely threat discovery and detection, investigation, and incident remediation capabilities.

Give your SOC team access to the latest threat intelligence and update them with professional training on a regular basis.

Equip your organization with the right endpoint protection, dedicated services can help fight high profile attacks.