FDMTP 3.2.5.1 modular backdoor activity in Asia-Pacific and Japan

Malware Activity
Happening score
H score 28
1 unique source, 1 article

Summary

An updated FDMTP backdoor variant is active in a months-long espionage operation against Asia-Pacific and Japan networks, increasing the risk of stealthy remote access and persistence. The payload was identified as version 3.2.5.1 and uses custom TCP with a persistent message loop for remote tasking. Its plugin set supports scheduled-task creation, registry persistence, file retrieval, and process manipulation.

Related Happenings

Mustang Panda Asia-Pacific and Japan CDN impersonation espionage campaign

Campaign
First: 14.05.2026 18:00 Last: 14.05.2026 18:00 Sources 1

How related: According to new analysis from Darktrace, multiple customer environments began making requests to attacker infrastructure impersonating well-known content delivery networks (CDNs) in late September 2025, with activity continuing through April 2026.

About this happening: A **Mustang Panda** espionage campaign used **CDN impersonation** and **DLL sideloading** to target **Asia-Pacific and Japan** networks, extending from **late September 2025 throu...

LOTUSLITE evolved backdoor activity in India banking-sector targeting

Malware Activity
First: 22.04.2026 10:58 Last: 22.04.2026 10:58 Sources 1

About this happening: An **evolved LOTUSLITE** backdoor is now being deployed with **remote shell**, **file operations**, **session management**, and **data exfiltration** capabilities, extending an **...

LotusLite backdoor delivered via DLL sideloading

Malware Activity
First: 21.04.2026 15:00 Last: 21.04.2026 15:00 Sources 1

About this happening: The **LotusLite** backdoor is being delivered through **malicious files** and **DLL sideloading**, creating a remote-access malware activity that supports **espionage**. The opera...

Mustang Panda multi-country espionage campaign against government and telecom targets

Campaign
First: 28.01.2026 13:40 Last: 28.01.2026 13:40 Sources 1

About this happening: A **Mustang Panda** espionage campaign targeted **government entities** across **Myanmar, Mongolia, Malaysia, and Russia**, showing sustained multi-country activity from **2021-20...

CoolClient backdoor variant adds browser login theft and clipboard monitoring

Malware Activity
First: 28.01.2026 00:26 Last: 28.01.2026 00:26 Sources 1

About this happening: The **CoolClient backdoor** used by **Mustang Panda** has been updated in a new variant that steals **browser login data** and monitors the **clipboard**, adding **active window t...

Timeline

  1. 14.05.2026 18:00 2 articles · 13d ago

    Darktrace discloses updated FDMTP backdoor campaign

    Initial Disclosure

    Darktrace disclosed an updated FDMTP 3.2.5.1 backdoor campaign affecting networks in Asia-Pacific and Japan, with activity linked at moderate confidence to Mustang Panda and associated tradecraft. The analysis describes attacker infrastructure impersonating CDNs; legitimate executables paired with malicious DLLs; custom TCP DMTP communications; four loadable plugins for scheduled-task creation, registry persistence, main-framework loading, and remote file retrieval and process manipulation; persistence through HKCU\Software\Microsoft\IME entries; and an icloud-cdn[.]net update channel.
