
Mustang Panda multi-country espionage campaign against government and telecom targets

Campaign
First reported
Last updated
Happening score
H score 41
1 unique source, 2 articles

Summary


A Mustang Panda espionage campaign targeted government entities across Myanmar, Mongolia, Malaysia, and Russia, showing sustained multi-country activity from 2021 to 2025. The operation matters because it paired DLL side-loading with signed executables to deliver backdoors and next-stage modules. It also extended to telecom operators and used multiple toolchains for credential theft, file theft, and remote access. The same intrusion set repeatedly blended COOLCLIENT, PlugX, LuminousMoth, and stealer tooling to support long-running post-exploitation.

Related Happenings

Webworm multi-country targeting campaign against government and enterprise victims

Campaign
First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...

FDMTP 3.2.5.1 modular backdoor activity in Asia-Pacific and Japan

Malware Activity
First: 14.05.2026 18:00 Last: 14.05.2026 18:00 Sources 1

About this happening: An updated **FDMTP backdoor** variant is active in a **months-long espionage operation** against **Asia-Pacific and Japan** networks, increasing the risk of stealthy remote access...

Mustang Panda Asia-Pacific and Japan CDN impersonation espionage campaign

Campaign
First: 14.05.2026 18:00 Last: 14.05.2026 18:00 Sources 1

About this happening: A **Mustang Panda** espionage campaign used **CDN impersonation** and **DLL sideloading** to target **Asia-Pacific and Japan** networks, extending from **late September 2025 throu...

MuddyWater broad cyber-espionage campaign across sectors and countries

Campaign
First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...

Major South Korean electronics manufacturer hit by data theft breach

Incident
First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: A **major South Korean electronics manufacturer** suffered a **week-long intrusion** in **February 2026**, giving attackers time to conduct **reconnaissance**, **credential theft*...

Timeline

  1. 28.01.2026 13:40 2 articles · 3mo ago

    Mustang Panda multi-country espionage campaign against government and telecom targets

    Initial Disclosure

    The operation began as a multi-year espionage effort against **government** and **telecom** targets, with activity observed from **2021** onward. Early tradecraft centered on **signed binaries** and **DLL side-loading** to launch malicious modules and establish persistence.

  2. 30.12.2025 10:35 1 article · 4mo ago

    Mustang Panda deploys kernel-mode TONESHELL loader

    Campaign Scope Update

    Kaspersky identified a Mustang Panda campaign that used a previously undocumented kernel-mode rootkit driver to deliver the TONESHELL backdoor against an unspecified entity in Asia, with related activity tied to government targets in Myanmar and Thailand. The driver, signed with an old, stolen, or leaked certificate, was used in 2025 operations that showed a shift toward kernel-mode injectors to deploy TONESHELL and hide its activity.
