Chinese cyberspies, linked to Mustang Panda, targeted US government agencies with a phishing campaign exploiting geopolitical events like Maduro's capture. The campaign involved a backdoor called Lotuslite that could steal data and maintain persistence.
Key points
- Chinese espionage group Mustang Panda launched a targeted phishing campaign against US government-related organizations.
- The campaign used a zip file with a legitimate executable and a hidden backdoor named Lotuslite.
- Mustang Panda has a history of exploiting geopolitical events, such as Maduro's detention, to inform their attacks.
- The Lotuslite malware communicates via a hard-coded server to exfiltrate data and establish persistence.
- The attackers favor DLL sideloading techniques and execute medium-complexity operations for cyberespionage.
Read More: https://www.theregister.com/2026/01/15/chinese_spies_used_maduros_capture/