Mustang Panda Targets Myanmar With StarProxy, EDR Bypass and TONESHELL Updates

By Admin. April 17, 2025. 5 Mins Read.
The Chinese threat actor known as Mustang Panda has been linked to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting the group's continued effort to increase the sophistication and effectiveness of its malware.

These include updated versions of the known TONESHELL backdoor, a new lateral movement tool called StarProxy, two keyloggers codenamed PAKLOG and CorKLOG, and an EDR evasion driver called SplatCloak.

“TONESHELL, a backdoor used by Mustang Panda, has been updated with changes to its FakeTLS command-and-control (C2) communication protocol, as well as to its methods for creating and storing client identifiers,” Zscaler ThreatLabz researcher Singh said in a two-part analysis.

Mustang Panda, also known as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte and RedDelta, is a China-based state-sponsored actor that has been active since at least 2012.


Known for its attacks on governments, military entities, minority groups and non-governmental organizations (NGOs), primarily in East Asian countries and to a lesser extent in Europe, the group has a history of using DLL side-loading techniques to deliver the PlugX malware.

Since late 2022, however, campaigns orchestrated by Mustang Panda have delivered a custom malware family called TONESHELL, which is designed to download next-stage payloads.

Zscaler said it discovered three new variants of the malware that come with varying levels of sophistication:

  • Variant 1, which functions as a simple reverse shell
  • Variant 2, which adds functionality to download DLLs from the C2 server and execute them by injecting them into legitimate processes (e.g. svchost.exe)
  • Variant 3, which adds functionality to download files and create sub-processes to execute commands received from the remote server via a custom TCP-based protocol

The new piece of software linked to Mustang Panda is StarProxy, which is launched via DLL side-loading and is designed to use the FakeTLS protocol to proxy traffic and facilitate attacker communications.

“Once active, StarProxy enables attackers to proxy traffic between infected devices and their C2 servers. StarProxy achieves this by using TCP sockets to communicate with the C2 server via the FakeTLS protocol, encrypting all exchanged data with a custom XOR-based algorithm,” Singh said.

“Additionally, the tool uses command-line arguments to specify the IP address and port for communication, allowing attackers to relay data through compromised machines.”

StarProxy activity

StarProxy is assessed to be deployed as a post-compromise tool for reaching internal workstations on the network that are not directly exposed to the internet.

Also identified were two new keyloggers, PAKLOG and CorKLOG, which are used to monitor keystrokes and clipboard data. The main difference between them is that the latter stores the captured data in an encrypted file using a 48-character RC4 key and implements persistence mechanisms by creating services or scheduled tasks.

Both keyloggers lack their own exfiltration capabilities; they exist solely to collect keystrokes and write them to a specific location, and the threat actor uses other methods to transfer the data to its infrastructure.

Rounding out the new additions to Mustang Panda's arsenal is SplatCloak, a Windows kernel driver deployed by SplatDropper that is equipped to disable EDR-related routines implemented by Windows Defender and Kaspersky, allowing the malware to fly under the radar.

“Mustang Panda demonstrates a calculated approach to achieving its objectives,” Singh said. “Continuous updates, new tooling and layered obfuscation prolong the group's operational security and improve the efficacy of its attacks.”

UNC5221 Deploys New Windows Versions of BRICKSTORM

The disclosure comes as a China-nexus cyber espionage cluster tracked as UNC5221 has been linked to the use of new variants of the BRICKSTORM malware in Windows environments in Europe since at least 2022, Belgian cybersecurity firm NVISO reports.


BRICKSTORM, first documented last year in connection with the exploitation of Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) against the MITRE Corporation, is a Golang backdoor deployed on Linux servers running VMware vCenter.

“It supports the ability to set itself up as a web server, perform file system and directory manipulation, and perform file operations,” a report from April 2024 noted. “BRICKSTORM communicates over WebSockets to a hard-coded C2.”

The newly identified Windows artifacts, also written in Go, provide attackers with file manager and network tunneling capabilities, allowing them to browse the file system, create or delete files, and tunnel connections for lateral movement.

They also resolve C2 servers via DNS-over-HTTPS (DoH) and are designed to evade network-level defenses such as DNS monitoring, TLS inspection and geolocation-based filtering.

“The Windows samples (...) are not equipped with command execution capabilities,” NVISO said. “Instead, the adversaries were observed using the network tunneling capabilities in combination with valid accounts to abuse well-known protocols such as RDP or SMB, thereby achieving similar command execution.”
