Hodur Malware Takes Advantage of Ukraine Invasion
Mustang Panda, the cyberespionage group behind the new Hodur malware campaign, is using the Ukraine war and other European current affairs as lures in its phishing documents.
ESET Research has announced that the known victims include research entities, Internet service providers (ISPs) and European diplomatic missions, located mostly in East and Southeast Asia.
“ESET researchers attribute this campaign with high confidence to Mustang Panda, also known as TA416, RedDelta or PKPLUG. It is a cyberespionage group that is mainly aimed at government entities and NGOs”, explains Alexandre Côté Cyr, the ESET malware researcher who discovered Hodur.
The invasion has caused more than three million residents to flee the war to neighboring countries, according to the UNHCR, sparking an unprecedented crisis on Ukraine’s borders. One of the file names associated with this campaign is “Situation at the EU borders with Ukraine.exe”.
ESET uncovers Hodur malware in cyber espionage campaign exploiting Ukraine invasion and other European issues
Other phishing lures mention updated Covid-19 travel restrictions, an approved regional aid map for Greece, and a European Parliament and Council Regulation. The final lure is a genuine document available on the European Council website. This shows that the APT group behind this campaign follows current affairs and is able to react to them quickly and effectively.
Although ESET researchers have not been able to identify the sectors to which all the victims belong, this campaign appears to have the same goals as previous Mustang Panda campaigns.
Following typical APT victimology, the majority of victims are found in East and Southeast Asia, along with some European and African countries. According to ESET telemetry, the vast majority of targets are in Mongolia and Vietnam, followed by Myanmar, with only a few in other affected countries, such as Greece, Cyprus, Russia, South Sudan and South Africa. The sectors identified include diplomatic missions, research entities and Internet service providers.
Mustang Panda campaigns often use custom loaders to deliver malware such as Cobalt Strike, Poison Ivy, and Korplug. The group is also known for creating its own Korplug variants.