HoneyMyte, also known as Mustang Panda, is an Advanced Persistent Threat (APT) group that has been active for several years, adopting different techniques and shifting its targeting profile over time. A report released last July by cybersecurity firm Kaspersky describes a cluster of activity that has carried out cyber espionage attacks against government entities in Myanmar and the Philippines since at least October 2020. The threat actors initially focused on Myanmar but have since shifted their attention to the Philippines. They usually gain an initial foothold via spear-phishing emails containing a Dropbox download link.

When the link is clicked, it downloads a RAR archive disguised as a Word document; the archive contains the malicious payload. Once on a system, the malware attempts to infect other hosts by spreading via removable USB drives. If such a drive is found, the malware creates a hidden directory on it and moves all of the victim's files there, along with the malicious executable. Kaspersky experts attribute this activity, which they call LuminousMoth, to the HoneyMyte threat group, a well-known, long-standing Chinese-language threat actor, with moderate to high confidence.
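The two behaviours above give defenders two cheap triage checks: a "Word document" whose bytes are actually a RAR archive, and a removable drive whose root holds a hidden directory containing both an executable and the user's own documents. The script below implements both; it is an added example and not Kaspersky's or this article's code. The article does not name the campaign's files, so the file names, the `.docs` directory and the sample bytes are constructed for illustration, and the hidden-directory heuristic (dot-prefixed name, or the Windows hidden attribute) is an assumption about how such a directory would appear.

```python
"""Defender-side triage checks for the LuminousMoth behaviours described above.

Added example, not Kaspersky's or the article's code. File names, the
directory layout and the sample bytes are constructed for illustration.
"""
import stat
import sys
import tempfile
from pathlib import Path

# Magic bytes shared by RAR 4.x ("Rar!\x1a\x07\x00") and RAR5 ("Rar!\x1a\x07\x01\x00").
RAR_MAGIC = b"Rar!\x1a\x07"
# A real .docx is a ZIP container ("PK\x03\x04"); a legacy .doc is an OLE
# compound file with the D0 CF 11 E0 signature. Listed for reference only.
WORD_MAGIC = (b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")
WORD_EXTENSIONS = {".doc", ".docx"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def is_archive_masquerading_as_document(filename: str, head: bytes) -> bool:
    """True if the name claims a Word document but the content is a RAR archive.

    `head` is the first few bytes of the file (8 are enough for the check).
    """
    suffix = Path(filename).suffix.lower()
    if suffix not in WORD_EXTENSIONS:
        return False
    return head.startswith(RAR_MAGIC)


def _is_hidden(path: Path) -> bool:
    """Hidden means a dot-prefixed name (POSIX convention) or, on Windows,
    the FILE_ATTRIBUTE_HIDDEN attribute. Assumed heuristic, see lead-in."""
    if path.name.startswith("."):
        return True
    if sys.platform == "win32":
        try:
            return bool(path.stat().st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN)
        except (AttributeError, OSError):
            return False
    return False


def find_hidden_staging_dirs(drive_root: str) -> list:
    """Return the names (sorted) of hidden top-level directories on the drive
    that contain both an executable and at least one user document.

    That combination matches the described worm pattern: the victim's files
    moved into a hidden folder next to the malicious executable. A hidden
    directory with no executable (e.g. a benign system folder) is ignored.
    """
    root = Path(drive_root)
    suspicious = []
    for entry in root.iterdir():
        if not entry.is_dir() or not _is_hidden(entry):
            continue
        suffixes = {p.suffix.lower() for p in entry.rglob("*") if p.is_file()}
        has_exe = bool(suffixes & EXECUTABLE_EXTENSIONS)
        has_docs = bool(suffixes & DOCUMENT_EXTENSIONS)
        if has_exe and has_docs:
            suspicious.append(entry.name)
    return sorted(suspicious)


def build_sample_drive() -> str:
    """Create a constructed temporary directory that mimics an infected drive:
    one hidden folder holding a document plus an executable, one benign hidden
    folder, and one visible file. Returns the path of the fake drive root."""
    base = Path(tempfile.mkdtemp(prefix="usb_demo_"))
    hidden = base / ".docs"  # constructed name, not the campaign's
    hidden.mkdir()
    (hidden / "report.docx").write_bytes(b"PK\x03\x04" + b"\0" * 32)
    (hidden / "usb.exe").write_bytes(b"MZ" + b"\0" * 64)
    (base / ".Trashes").mkdir()  # benign hidden directory, no executable
    (base / "photo.jpg").write_bytes(b"\xff\xd8\xff" + b"\0" * 16)
    return str(base)


if __name__ == "__main__":
    # Constructed lure: a ".docx" whose first bytes are a RAR5 signature.
    print("lure is a masquerading archive:",
          is_archive_masquerading_as_document("invitation.docx", b"Rar!\x1a\x07\x01\x00"))
    drive = build_sample_drive()
    print("suspicious hidden dirs on", drive, "->", find_hidden_staging_dirs(drive))
```

Run the first check on attachments before they are opened (the bytes come from the download, the name from the link or e-mail), and the second one against the root of any removable drive before its contents are trusted; a hit on either is a reason to isolate the host and escalate rather than to clean up in place.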

HoneyMyte is primarily interested in collecting geopolitical and economic intelligence in Asia and Africa. For example, in a previous campaign running since mid-2018, this threat actor used PlugX implants as well as a multi-stage PowerShell script with functionality similar to CobaltStrike. That campaign targeted government entities in Myanmar, Mongolia, Ethiopia, Vietnam, and Bangladesh.

The best defence against Mustang Panda and similar threats is to provide your staff with basic cybersecurity training, as many targeted attacks start with phishing or other social engineering techniques. Perform cybersecurity audits of your network and fix any vulnerabilities found at the perimeter or within the network. Install anti-APT and EDR solutions that enable timely threat discovery and detection, investigation, and incident remediation.

More reads:
GhostEmperor group that targets high profile users
StrongPity infamous group of cybercriminals

