Pandas with a purpose. [Research Saturday]
May 24, 2025
Deepen Desai, Chief Security Officer and EVP of Cyber and AI Engineering at Zscaler, dives into the latest activities of the Mustang Panda group. He reveals the new arsenal, including advanced backdoors like TONEINS and tools for stealthy surveillance. Discussions include their phishing tactics and the development of custom keyloggers, PAKLOG and CorKLOG. Desai emphasizes the importance of a comprehensive defense strategy and the role of AI in both cyberattacks and cybersecurity measures, highlighting the ongoing battle against sophisticated threats.
Mustang Panda's Target Profile
- Mustang Panda primarily targets government-related entities, military, minority groups, and NGOs in East Asia.
- Recent research found campaigns also targeting entities in Europe, expanding their reach beyond their usual scope.
Mustang Panda's Tool Arsenal
- Mustang Panda's tools include new backdoors like ToneShell and lateral movement tools named StarProxy.
- Both disguise their traffic with a fake TLS protocol (TLS-looking records rather than genuine TLS sessions) to hide command-and-control communications and to facilitate propagation inside networks.
Defense Strategies Against Mustang Panda
- Implement defense in depth by securing external attack surfaces, segmenting networks, and inspecting all traffic, especially TLS.
- Use inline DLP and advanced sandboxing to detect and prevent lateral movement and data exfiltration.