China-Based APT Mustang Panda: Anomali Threat Research
The China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations
This whitepaper examines an ongoing campaign believed to be conducted by the China-based threat group, Mustang Panda. Minority groups, public and private sector organizations appear to be targeted by advanced persistent threats (ATPs) from the group. Information on Mustang Panda was first published by CrowdStrike in June 2018, and Anomali Threat Research has observed malicious activity that aligns with known tactics, techniques, and procedures (TTPs).
The targets indicated by specific lure documents align strategically with a China-sponsored APT group, and the themes of China's current five-year plan. As the country seeks to invest in infrastructure in over 100 countries, it is likely this kind of malicious activity will continue.
The full report details information around:
- Lure Document Analysis
- Technical Analysis
- Indicators of Compromise (IOCs)