China-linked APT Mustang Panda has shifted its focus from purely geopolitical espionage to target Indian financial organizations, using spear-phishing and DLL sideloading to deliver a variant of its LotusLite backdoor disguised as regional banking software. The campaign relies on unsophisticated but disciplined tradecraft that remains effective against inconsistent basic defenses and appears aimed at intelligence collection rather than direct financial theft.
Key points
- Mustang Panda (TA416) targeted India's banking sector, alongside US and Korean policy circles.
- Attackers used spear-phishing lures and DLL sideloading to deploy a LotusLite backdoor.
- The LotusLite variant was slightly modified and disguised to resemble regional banking software.
- Researchers believe the objective is intelligence gathering, not banking fraud or theft.
- Attribution to Mustang Panda is supported by shared code, operational patterns, and tooling.
Read More: https://www.darkreading.com/cyberattacks-data-breaches/chinese-apt-indian-banks-korean-policy