China · Widely attributed · Unknown · MITRE G0129

Mustang Panda

Mustang Panda is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. Mustang Panda has been known to use tailored phishing lures and decoy documents to deliver malicious payloads. Mustang Panda has targeted government, diplomatic, and non-governmental organizations, including think tanks, religious institutions, and research entities, across the United States, Europe, and Asia, with notable activity in Russia, Mongolia, Myanmar, Pakistan, and Vietnam.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. ≥ 10 High · ≥ 3 Moderate · < 3 Low
3.6
Moderate signal strength
Mentions: 6
Sources: 3
High conf.: 3
Last seen: Jun 2026
First observed: 2021-04-12
Last active
Origin: China
Aliases: 17
Techniques: 85
Campaigns: 2

Attribution signals

6 mentions · 3 sources
#1 · mapped · high
Malware · Victimology
checkpoint
May 2026

"Researchers mapped a Mustang Panda espionage campaign targeting India's banking sector and South Korean policy circles, deploying the updated LOTUSLITE backdoor."

Campaign: LOTUSLITE backdoor campaign
#2 · remained · high
Victimology
eset
May 2026

"Mustang Panda remained highly active in Southeast Asia, the United States, and Europe, focusing on the governmental, engineering, and maritime transport sectors."

#3 · targeted · high
Victimology
crowdstrike
Jun 2026

"Adversaries including MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA targeted the tech sector more than any other industry."

#4 · China-aligned · moderate
Geopolitical
proofpoint
May 2026

"the China-aligned threat actor TA416 resumed observed targeting of European government and diplomatic organizations"

#5 · overlaps with · moderate
Unspecified
proofpoint
May 2026

"TA416 most directly overlaps with public reporting on RedDelta, Red Lich, Vertigo Panda, SmugX, and DarkPeony."

#6 · unspecified · unspecified
Malware · TTP match
wechat-qax-ti
May 2026

"Mustang Panda (APT-C-08) organization recently uses Python samples packaged with NUITKA"

Hedge terms observed

China-aligned · mapped · overlaps with · remained · targeted · unspecified