Mustang Panda’s new modular FDMTP backdoor shows cyberattacks are evolving systems, not one-time hits as Fenix24 CISO Heath Renfrow mentions. Stay alert and adaptive to defend effectively. Learn more: okt.to/HTaL8o #Cybersecurity #APT
#ThreatProtection China-nexus activity in APJ, FDMTP backdoor deployed. Read more about Symantec's protection: broadcom.com/support/securit…
Mustang Panda’s new modular FDMTP backdoor shows cyberattacks are evolving systems, not one-time hits as Fenix24 CISO Heath Renfrow mentions. Stay alert and adaptive to defend effectively. Learn more: okt.to/r7qSic #Cybersecurity #APT
Chinese 🇨🇳 Twill Typhoon targets APAC orgs using updated FDMTP backdoor via DLL sideloading with legitimate Windows tools. Campaign uses staged payloads: legitimate binary → config file → malicious DLL → C2 via fake CDN infrastructure. #DFIR_Radar
May 15
🚨 New Campaign by China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites hackread.com/chinatwill-typh… Twill Typhoon, a threat actor linked to China, is using fake Apple and Yahoo CDN sites to support espionage activity across Japan and APAC. The campaign uses DLL sideloading, legitimate Windows tools, and the FDMTP malware framework to stay quiet, gather host details, and keep access alive. In one finance org, the attackers reportedly remained inside for 11 days, with malware checking in every five minutes to fake infrastructure like icloud-cdn[.]net. #ThreatIntelligence #TwillTyphoon #CyberSecurity #Apple #Yahoo
Mustang Panda linked to an updated version of the FDMTP backdoor in espionage activity in the Asia-Pacific region. Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign #InfosecurityMagazine (May 15) infosecurity-magazine.com/ne…
Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor Darktrace have identified activity consistent with Chinese-nexus operations, a Twill Typhoon-linked campaign targeting customer environments, primarily within the Asia-Pacific & Japan (APJ) region darktrace.com/blog/chinese-a… @Darktrace
20 Nov 2025
We have been tracking similar FDMTP samples since last year, 2024. They are dropped via AiTM hijacking of software updates. As a second-stage malware, we have observed FDMTP downloading MgBot from the Daggerfly CN APT group.
Earlier this week, @malwrhunterteam reported several unknown samples. Our code similarity engine attributes them to the #FDMTP hacktool, originally reported by @TrendMicro last year. This hacktool is a simple downloader used by the Chinese #APT group #EarthPreta (#MustangPanda). We retrohunted for this downloader and uncovered additional recent samples. We also extracted the embedded configuration, which is stored in an encrypted format (Base64 DES). 🧬#IOCs:
27 Aug 2025
The China-based threat actor "Mustang Panda" is an advanced cyber-espionage group whose activity has been observed since around 2014. It conducts spear-phishing attacks that use geopolitical themes and local languages against government agencies, NGOs and religious organizations in the United States, Europe, Mongolia, Myanmar, Pakistan, Vietnam and elsewhere. In addition to its existing malware (PlugX, Poison Ivy, Toneshell), it uses new families such as FDMTP and PTSOCKET and is capable of evading current defensive mechanisms. In early 2025, a case in which the US Department of Justice and French authorities neutralized the group's USB-spread PlugX infections (more than 4,200 machines) drew attention. Mustang Panda prioritizes long-term intelligence collection over short-term financial gain and makes heavy use of "living-off-the-land" tactics that abuse legitimate Windows tools. Specifically, it distributes LNK files disguised as Word or PDF documents; when opened, these use Msiexec.exe to quietly execute a malicious payload, and it further uses DLL sideloading to operate persistently and covertly behind legitimately signed binaries. Armed with this advanced persistence and stealth, it poses a long-term threat to critical infrastructure and government communications. cybersecuritynews.com/china-…
Mustang Panda upgrades its #malware arsenal with new tools like FDMTP & PTSOCKET, boosting data theft and espionage across APAC. Learn how these advanced attacks may impact your organization: thehackernews.com/2024/09/mu… #infosec #cybersecurity
10 Sep 2024
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. #cybersecurity bleepingcomputer.com/news/se…
9 Sep 2024
The Chinese hacker group Mustang Panda is using FDMTP and PTSOCKET, according to a Trend Micro report. The report contains many proper nouns, including other malware used. Initial intrusion is via spear-phishing. The HIUPAN malware used infects USB storage media in order to spread. bleepingcomputer.com/news/se…