A new espionage campaign targeting U.S. government entities has been identified. It uses a custom backdoor called LOTUSLITE and is likely linked to Mustang Panda. The campaign relies on spear-phishing with geopolitical lures and DLL sideloading to establish persistence, highlighting ongoing targeted cyber espionage efforts. #MustangPanda #LOTUSLITE
Key points
- The campaign targets U.S. government and policy-related entities using spear-phishing tactics.
- Attackers use a legitimate Tencent music streaming executable to sideload a malicious DLL called kugou.dll.
- The custom backdoor, LOTUSLITE, is designed for espionage, supporting remote command execution and long-term persistence.
- The malware mimics legitimate web requests, using User-Agent strings and headers to blend in with normal network traffic.
- Researchers associate the campaign with Mustang Panda based on behavioral patterns and operational techniques.
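The sideloading behaviour described above (a legitimate signed executable loading a malicious kugou.dll placed beside it) is something defenders can hunt for in endpoint image-load telemetry. The following is an added example, not code from the original report or from any vendor: it parses constructed Sysmon Event ID 7 (Image Load) style records and flags DLLs that a host executable loads from its own directory outside trusted install roots when the DLL is unsigned, plus any load of a DLL name taken from the report (kugou.dll) from an unexpected location. The log lines, the trusted directory list and the `|`-separated record layout are assumptions made for the example; the general rule goes beyond this one campaign and applies to DLL sideloading in general.

```python
"""Hunting for DLL sideloading in Sysmon Event ID 7 (Image Load) records.

Added example for illustration; not code from the original report. The log
lines below are constructed, and the trusted-root list is an assumption about
the monitored environment.
"""
import ntpath

# Constructed sample records. Field names follow Sysmon Event ID 7, but the
# flat "Key: Value|Key: Value" layout is an assumption for this example.
SAMPLE_EVENTS = [
    # Legitimate load: signed DLL from the application's install directory.
    "Image: C:\\Program Files (x86)\\KuGou\\KuGou.exe"
    "|ImageLoaded: C:\\Program Files (x86)\\KuGou\\kugou.dll"
    "|Signed: true|Signature: Tencent Technology|SignatureStatus: Valid",
    # Sideloading candidate: the host executable was copied to a user-writable
    # folder and loads an unsigned kugou.dll from that same folder.
    "Image: C:\\Users\\alice\\AppData\\Local\\Temp\\update\\KuGou.exe"
    "|ImageLoaded: C:\\Users\\alice\\AppData\\Local\\Temp\\update\\kugou.dll"
    "|Signed: false|Signature: |SignatureStatus: Unavailable",
    # Unrelated benign system DLL load.
    "Image: C:\\Windows\\System32\\notepad.exe"
    "|ImageLoaded: C:\\Windows\\System32\\kernel32.dll"
    "|Signed: true|Signature: Microsoft Windows|SignatureStatus: Valid",
]

# Directories where signed applications are normally installed (assumption).
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# DLL name reported in the campaign; extend with other names as needed.
WATCHLIST_DLLS = {"kugou.dll"}


def parse_event(line):
    """Split one flat record into a dict of Sysmon field name -> value."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def in_trusted_root(path):
    """True when the path sits under one of the trusted install roots."""
    return path.lower().startswith(TRUSTED_ROOTS)


def classify(fields):
    """Return a finding for one image-load record.

    Two independent rules are applied:
      1. Generic sideloading: the DLL lives in the host executable's own
         directory, that directory is outside the trusted roots, and the DLL
         is unsigned or its signature did not validate.
      2. Watchlist: a DLL name from the report is loaded from outside the
         trusted roots, whatever its signature state.
    """
    image = fields.get("Image", "")
    loaded = fields.get("ImageLoaded", "")
    dll_name = ntpath.basename(loaded).lower()

    same_dir = ntpath.dirname(image).lower() == ntpath.dirname(loaded).lower()
    unsigned = (
        fields.get("Signed", "").lower() != "true"
        or fields.get("SignatureStatus", "") != "Valid"
    )

    reasons = []
    if same_dir and unsigned and not in_trusted_root(loaded):
        reasons.append("unsigned DLL loaded from the host executable's own "
                       "directory outside trusted install roots")
    if dll_name in WATCHLIST_DLLS and not in_trusted_root(loaded):
        reasons.append(f"watchlisted DLL {dll_name} loaded from an unexpected location")

    return {
        "image": image,
        "dll": loaded,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def hunt(lines):
    """Classify every record and return the list of findings in input order."""
    return [classify(parse_event(line)) for line in lines]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        if finding["suspicious"]:
            print(f"SUSPICIOUS {finding['image']} -> {finding['dll']}")
            for reason in finding["reasons"]:
                print(f"    - {reason}")
```

Running it against the constructed records flags only the second load. In production the same two rules would be fed from the Sysmon XML fields directly, and the trusted-root list would be tuned to where the organisation actually installs software; a signed-but-relocated host executable loading an unsigned DLL from a writable folder is the pattern worth alerting on regardless of the DLL name.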