A China-linked threat actor known as Mustang Panda has launched a cyber espionage campaign targeting the Tibetan community, utilizing spear-phishing and Tibet-themed lures. The campaign involved deploying malware such as PUBLOAD and Pubshell, with targeted activities also extending to Taiwan and other East Asian entities. #MustangPanda #Hive0154 #PUBLOAD #Pubshell #Tibet
Keypoints
- Mustang Panda is implicated in a campaign targeting Tibet and East Asian organizations.
- The attacks use Tibet-related topics and spear-phishing emails to deliver malware payloads.
- Malware includes PUBLOAD, Claimloader, and Pubshell, which create remote access capabilities.
- The campaign also involves a USB worm called HIUPAN to spread malware on Taiwanese targets.
- China-linked threat actor Hive0154 frequently updates its toolset and maintains sophisticated operations.
Read More: https://thehackernews.com/2025/06/pubload-and-pubshell-malware-used-in.html