Chinese-linked hackers targeted US entities with Venezuelan-themed malware: Cybersecurity firm


A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

The US Department of Justice said in January 2025 that Mustang Panda was a "group of hackers sponsored by the People’s Republic of China".


A Chinese-linked cyberespionage group targeted US government and policy-related officials with Venezuela-themed phishing e-mails in the days after the US operation to topple former Venezuelan president Nicolas Maduro, cybersecurity researchers said on Jan 15.

The previously unreported campaign is the latest example of a long-running Chinese cyberespionage group known as “Mustang Panda” using headlines or key issues in a given country as a means to steal data and establish footholds in US government entities.

In this case, the group referenced the US seizure of Maduro and his wife, according to cybersecurity firm Acronis’ Threat Research Unit.

It uncovered the campaign after spotting a zip file “US now deciding what’s next for Venezuela” that was uploaded on Jan 5 to a publicly accessible malware analysis service. 

The file contained malware whose code and infrastructure overlapped with prior cyberespionage campaigns carried out by a group tracked by industry researchers as Mustang Panda, the researchers said in a report on their findings.

The specific targets of the hacking campaign were not clear, according to the researchers, and it was not clear if any of them were compromised. If implanted, the malware would allow its operators to steal data from targeted computers and enable persistence for ongoing access, according to the analysis.

The researchers suspect the malware targeted US government entities and unnamed policy-related entities based on technical indicators associated with the sample that was uploaded for analysis, and the types of organisations historically targeted by Mustang Panda.

The malware included in the zip file was compiled at 6.55am GMT on Jan 3, according to the analysis, just hours after the US operation to seize Maduro began.

A sample of the malware was uploaded to the sandbox at 8.27am on Jan 5, the researchers said, the same day Maduro and his wife Cilia Flores pleaded not guilty to narcotics and weapons charges in a Manhattan courtroom.

Acronis reverse engineer and malware analyst Subhajeet Singha, one of the authors of the analysis, said in an interview that the hackers in this case appeared to be moving quickly to take advantage of a rapidly developing geopolitical situation of high interest, leaving some artefacts that helped link the malware to prior Mustang Panda operations.

“These guys were in haste,” the engineer said, adding that the hackers’ work was not of the same quality as previous efforts.

The US Department of Justice said in a January 2025 statement that Mustang Panda was a “group of hackers sponsored by the People’s Republic of China”, which has been paid to develop spying malware and penetrate target networks.

A spokesperson for the Chinese embassy in Washington said in an e-mail: “China has consistently opposed and legally combated all forms of hacking activities, and will never encourage, support or condone cyberattacks. China firmly opposes the dissemination of false information about so-called ‘Chinese cyberthreats’ for political purposes.”

The FBI declined to comment. REUTERS
