The Chinese advanced persistent threat (APT) group Mustang Panda has stepped up its espionage against diplomatic missions, research organizations, and internet service providers (ISPs) in and around Southeast Asia.
According to ESET experts, the APT has deployed a brand-new, customised variant of an old but capable remote-access tool (RAT) named PlugX (aka Korplug). They dubbed this new variant “Hodur” after a blind Norse god. Mustang Panda has also developed a comprehensive set of tactics, techniques, and procedures (TTPs) to make its attacks more effective.
According to ESET, the new variant “mostly lines up with other Korplug variants, with some additional commands and characteristics.”