Two China-linked cyberespionage groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN), Palo Alto Networks reports.
The first advanced persistent threat (APT) actor, tracked as Mustang Panda, Bronze President, Earth Preta, RedDelta, Stately Taurus, and TA416, has been active since at least 2012, conducting cyberespionage operations on behalf of the Chinese government.
Mustang Panda, Palo Alto Networks says, created two malicious packages days before the ASEAN-Australia Special Summit was held in early March 2024. The first targeted entities in the Philippines, Japan, and Singapore, while the second was aimed at Myanmar.
The first package is a renamed copy of KeyScrambler.exe, a legitimate anti-key logging program, that would sideload a malicious DLL and establish persistence by creating an autorun registry key. The code decrypts a payload believed to be PubLoad malware.
The second package, a screensaver executable (SCR), appears to have targeted the Myanmar military. When executed, it would attempt to fetch a benign executable and a malicious DLL from a remote server, once again using DLL sideloading to run the malware.
The second Chinese APT compromised an ASEAN-affiliated entity, with malicious activity observed throughout January and February. Previously, the threat actor was seen targeting government entities in Cambodia and compromising roughly two dozen organizations.
According to Palo Alto Networks, the targeting of ASEAN-affiliated entities is not surprising, considering their role in handling sensitive information about diplomatic relations and economic decisions.
“These types of campaigns continue to demonstrate how organizations are targeted for cyberespionage purposes, where nation-state affiliated threat groups collect intelligence of geopolitical interests within the region. We encourage organizations to leverage our findings to inform the deployment of protective measures to defend against these types of threats,” Palo Alto Networks concludes.
Related: Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon
