74 matches found
Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works...
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations...
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416 , a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN aka USBFect, MISTCLOAK...
Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials
A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works...
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda aka Earth Preta, Fireant, HoneyMyte,...
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S...
HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks
HoneyMyte Mustang Panda is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia...
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
The Chinese hacking group known as Mustang Panda aka HoneyMyte has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky,...
XML External Entity (XXE) Injection
Mustang is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper restriction of external entity references during XML processing, which allows an attacker to exploit XXE attacks to exfiltrate arbitrary files from the affected system...
Trend Vision One™ Stacks Up Against Scattered Spider and Mustang Panda in 2025 MITRE ATT&CK® Evaluations
Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider’s cloud-centric attacks and Mustang Panda’s long-term espionage operations...
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
net.codinux.invoicing:e-invoice (>=0.5.0 <=0.5.2), net.codinux.invoicing:e-invoice-domain-android (>=0.6.0 <=0.8.0) +2 more potentially affected by CVE-2025-66372 via org.mustangproject:library (>=2.0.0 <=2.16.2)
org.mustangproject:library MAVEN version =2.0.0, =0.5.0, =0.6.0, =0.6.0, =2.0.0, =2.16.2 Source cves: CVE-2025-66372 Source advisory: OSV:GHSA-X832-FPVJ-R5PH...
EUVD-2025-199853
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
PT-2025-48314
Name of the Vulnerable Software and Affected Versions Mustang versions prior to 2.16.3 Description Mustang before version 2.16.3 is susceptible to XML External Entity XXE attacks, which can lead to the exfiltration of files. XXE attacks occur when an application parses XML input that contains a...
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...
CVE-2025-66372
Mustangproject
CVE-2025-66372
Mustang before 2.16.3 allows exfiltrating files via XXE attacks...