Telecommunications and manufacturing sectors in Central and South Asia are being targeted by a campaign distributing a new PlugX malware variant that shares features with the RainyDay and Turian backdoors. The campaign points to possible links between the Chinese-linked threat groups Lotus Panda and BackdoorDiplomacy, and underscores the use of modular malware such as PlugX and Bookworm for cyber espionage.
Key points
- The campaign targets telecommunications and manufacturing companies in Central and South Asia.
- A new PlugX variant exhibits overlapping features with RainyDay and Turian backdoors, suggesting shared techniques.
- Chinese-linked groups Lotus Panda and BackdoorDiplomacy may share resources or be interconnected.
- Attack chains exploit legitimate applications for DLL side-loading to deploy malware.
- The Mustang Panda actor employs modular malware such as Bookworm for sustained cyber espionage.
Read More: https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html