Nation-State Actor
Mustang Panda
China • Active since 2012
Mustang Panda spreads malware through USB drives left in offices or mailed to targets. They spy on governments, NGOs, and religious groups, especially those involved with Tibet and Uyghur issues.
Overview
Mustang Panda is a Chinese state-sponsored threat group that targets government, nonprofit, and religious organizations. They are known for using USB drives as an infection vector and targeting entities across Asia and Europe.
Also Known As
Bronze President, TA416, RedDelta, Stately Taurus
Target Industries
Government, NGOs, Religious Organizations, Think Tanks, Telecom
Target Regions
Southeast Asia, Europe, Mongolia, Myanmar, Vatican
Tactics, Techniques & Procedures
- USB drive spreading
- Spear-phishing
- DLL side-loading
- Shortcut file (LNK) abuse
- Targeting religious and human rights organizations
Known Tools & Malware
PlugX, Korplug, Poison Ivy, Cobalt Strike, TONESHELL
Notable Campaigns
Vatican Targeting (2020)
Targeted Vatican networks ahead of China-Vatican negotiations.
Southeast Asia Government Targeting (2021-2023)
Ongoing operations against ASEAN member governments.
MITRE ATT&CK Techniques
T1091, T1566.001, T1574.002, T1547.009, T1059
Defense Recommendations
1. Disable USB autorun
2. Monitor for PlugX indicators
3. Block DLL side-loading paths