Mustang Panda, a China-resident threat actor, is also known as Red Delta or Bronze President. This threat actor has targeted organizations worldwide since approximately 2012. These targets have included European organizations such as government agencies and religious organizations. American organizations have also been targeted, along with religious organizations. Threat researchers have claimed that Mustang Panda even targeted Catholic organizations within the Vatican.
Mustang Panda has also been observed targeting Asian countries. These have included telecommunication firms in India, Myanmar, Tibet, and other countries. Taiwan has also been extensively targeted, which is not surprising given that Mustang Panda is likely a resident of mainland China.
In terms of techniques, Mustang Panda is known to send phishing emails to achieve initial penetration. The phishing emails are sufficiently researched to appear very close to legitimate documents relevant to the targeted individuals and their organizations. The tactics, techniques, and procedures (TTPs) used by Mustang Panda include consistent use of the PlugX remote access trojan (RAT). Not coincidentally, the PlugX RAT was first identified in 2012 by threat researchers, and its use has been tracked across various Chinese cyber threat groups, most notably APT10.
The PlugX RAT is usually accompanied by custom stagers, reverse shells, Meterpreter, and Cobalt Strike. Based upon observed actions over many years, the intent of Mustang Panda centers around espionage campaigns. Note that a stager is a small executable used as an initial payload by the threat actor.
Mustang Panda has been responsible for campaigns targeting many government organizations in the United States. Mustang Panda has also been very active in targeting government organizations in Asian countries, including Myanmar, Japan, Hong Kong, and often Taiwan. Mustang Panda has, at times, seemed to take a particular interest in targeting the government of Myanmar and has done so repeatedly since about 2019. Finally, it is worth noting that Mustang Panda has used the ASEAN summit as a topic for its phishing emails to compromise targeted individuals and organizations that are part of the ten member countries that will attend this summit.