October 7, 2019

Anomali Threat Research Team Discovers Cyber Campaign Conducted by Mustang Panda, a Known China Backed APT

Attacks Appear to be Targeting Minority Groups, Public and Private Sector Organizations

REDWOOD CITY, Calif. - October 7, 2019 - Anomali, a leader in intelligence-driven cybersecurity, today published research conducted by the Anomali Threat Research Team revealing an ongoing campaign carried out by Mustang Panda, an APT known to be backed by China. The team first revealed these findings on Wednesday, Oct. 2, during Anomali Detect 19, the company’s annual user conference, in a session titled “Mustang Panda Riding Across Country Lines.”

CrowdStrike researchers first published information on Mustang Panda in June 2018, after approximately one year of observing malicious activities that shared unique Tactics, Techniques, and Procedures (TTPs). This campaign dates back to at least November 2018. The research does not indicate with absolute certainty which entities are being targeted or the impact the campaign has had. Based on the lure documents observed by Anomali, team members believe that the following organizations may be targeted:

  • Individuals interested in the United Nations’ Security Council Committee resolutions regarding the Islamic State in Iraq and the Levant (ISIL / Da’esh)
  • Mongolian-based MIAT Airlines
  • Non-profit China Center (China-Zentrum e.V.); according to its website, this officially recognized nonprofit organization’s aim is to foster encounters and exchange between cultures and religions in the West and in China
  • Targeted countries including but not limited to Germany, Mongolia, Myanmar (Burma), Pakistan, Vietnam
  • The Communist Party of Vietnam (CVP)
  • The Shan Tai, a group of people living in Southeast Asia, which Minority Rights Group International describes as a “minority” in the region, with members who are primarily Theravada Buddhists

This research will be useful to any public or private sector organizations that need to know more about how APTs such as Mustang Panda operate. By understanding how such threat actors conduct campaigns and the related observables and IOCs, organizations can make decisions that will help them to implement effective defenses.

Read the full research report: China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations

About Anomali

Anomali® delivers intelligence-driven cybersecurity solutions. Anomali Altitude™ platform solutions include Anomali ThreatStream®, Anomali Match™, and Anomali Lens™. Private enterprises and public organizations use Anomali to harness threat data, information, and intelligence to make effective cybersecurity decisions that reduce risk and strengthen defenses. The Anomali partner program provides access to threat feeds from all layers of the web and delivers seamless integrations into leading security infrastructure technologies. The Anomali Threat Research Team provides actionable threat intelligence that helps customers, partners and the overall security community to detect and mitigate the most serious threats to their organizations. Anomali customers include more than 350 global organizations, many of the Global 2000 and Fortune 500, and large government and defense organizations around the world. Founded in 2013, it is backed by leading venture firms including GV, Paladin Capital Group, Institutional Venture Partners, and General Catalyst. Learn more at www.anomali.com.


Joe Franscella
News Media Relations