Summary: The China-linked threat actor Mustang Panda has targeted an organization in Myanmar with advanced malware, introducing tools such as a revamped backdoor called TONESHELL, a new lateral movement tool named StarProxy, and several keyloggers. This attack demonstrates the group’s continuous evolution in cyber capabilities, including methods to evade detection by security systems. Mustang Panda, active since at least 2012, is recognized for targeting governments and NGOs, especially in East Asia.
Affected: Unspecified organization in Myanmar
Key points:
- Mustang Panda has introduced updated malware, including a sophisticated backdoor and new lateral movement tools.
- StarProxy enables traffic proxying and communication between infected devices and command-and-control servers.
- The new keyloggers PAKLOG and CorKLOG collect data but lack direct exfiltration capabilities.
- A new kernel driver, SplatCloak, enhances operational security by disabling EDR defenses, allowing greater stealth during attacks.
Source: https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html