China-linked hackers targeted US agencies with Venezuela-themed phishing: report

A hacker group with links to China recently used Venezuela-themed phishing emails in a malware campaign targeting US government-related entities, as cyberattack campaigns increasingly leverage geopolitical materials, according to Swiss cybersecurity firm Acronis.

A malware campaign has used recent developments between the US and Venezuela as “thematic lures” to attack US government and policy-related entities with a back door that has espionage-focused capabilities, including basic remote tasking and data exfiltration, Acronis said in a report on Thursday.

The firm said that it attributed this activity to a group named Mustang Panda “with moderate confidence” based on certain infrastructural and operational patterns.

While Acronis did not identify Mustang Panda as a Chinese group, global cybersecurity research teams have described it as a China-based cyber threat actor.

It has been active since 2012 and has launched cyberattacks against organisations worldwide deemed adversaries of the Communist Party, according to Singapore-based cybersecurity firm Cyfirma.

The US Department of Justice (DOJ) in January last year called Mustang Panda a hacker group sponsored by the People’s Republic of China.

South China Morning Post
