MustangPanda – Enemy At The Gate

Posted: September 20, 2022 in MustangPanda - Enemy At The Gate
Tags: , , , , , ,

I would like to share my talk at the Security Bootcamp 2022 event (SBC2022) held in 03 days 09-10-11/09/2022 in Quang Ninh province.

2022 is the 10th year that Security Bootcamp conference is organized to continue the mission of building and connecting information security professionals across the country to share the latest knowledge and skills to form a top quality and prestigious forum for information security in Vietnam.

CrowdStrike researchers first published info about the Mustang Panda group in June 2018, after about a year of observing the group’s attack activities. Mustang Panda, believed is a China-based cyber espionage threat actor, is considered one of the highly motivated APT groups, applying sophisticated techniques to infect and install malware, targeting gain access to the victim’s machine from which to carry out espionage activities and steal information. Mustang Panda is famous for applying infection techniques based on topics related to political events, including the COVID-19 pandemic, … According to research and synthesis from many security companies across the global, this APT group has been around for over a decade with different variations found around the world.

In the second quarter of 2022, while hunting on VirusTotal’s platform, performing a search for specific byte patterns related to the Mustang Panda (#PlugX) group, I discovered a series of samples that we suspect to be of this group was uploaded from Vietnam. Parallel to the campaign that is believed to attack Vietnam, is a series of other campaigns of this group targeting events related to the European Union, the armed conflict that took place in Ukraine, events in countries like Montenegro, Bosnia and Herzegovina,…

My talk at this conference will cover hunting process as well as analyze in-depth the techniques that the Mustang Panda group applied to infect the victim’s machine, thereby use as a springboard to conduct espionage activities and information theft.

Download my presentation here!



  1. […] 0day in {REA_TEAM}MustangPanda – Enemy At The Gate […]

  2. Ho Duy says:

    Nhìn slide template là em liên tưởng đến ngay RPISEC haha
    A cho em xin template của slide được không ạ :3

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.