Chinese state-sponsored APT group Mustang Panda has been observed targeting India's banking sector and US-Korea policy circles in a campaign using relatively unsophisticated tactics. The attacks use spear-phishing, DLL sideloading, and a LotusLite backdoor variant disguised as HDFC Bank software. Researchers at Acronis attribute the activity to Mustang Panda based on shared code and operational patterns. The targeting of Indian financial institutions appears intelligence-driven rather than financially motivated, with interest in cross-border transactions, government-linked accounts, and economic data. Analysts note that simple, well-understood techniques remain effective because organizations consistently fail to implement basic security controls.
Sort: