
Mustang Panda targets Indian government and energy sectors with new SHARDLOADER malware via Zoho WorkDrive abuse

5d ago · 20 min read · en · Insight

Summary

Acronis Threat Research Unit (TRU) has identified two espionage campaigns by the Mustang Panda threat actor targeting India's hydropower sector and government entities. The campaigns use lure documents themed around cooperation agreements between Indian and Taiwanese institutions, distributed in compressed archives. These deliver previously undocumented DLL-based loaders tracked as SHARDLOADER. One variant decrypts and launches MINIRECON, a new implant derived from the Toneshell malware family, while the second variant delivers ZOHOMURK, abusing Zoho WorkDrive (a legitimate cloud storage platform used in Indian government) for command-and-control communications.

Source

Mustang Panda targets Indian government and energy sectors with new SHARDLOADER malware via Zoho WorkDrive abuse (acronis.com)

Key quotes

Acronis TRU has identified two espionage-focused campaigns targeting India's hydropower sector and government entities, using lure documents themed around cooperation agreements between Indian and Taiwanese institutions.
Both campaigns delivered previously undocumented DLL-based loaders, which we track as SHARDLOADER, through hydropower- and government-themed lure documents distributed in compressed archives.
Upon execution, one SHARDLOADER variant decrypts and launches MINIRECON, a newly identified implant derived from the Toneshell malware family.
Snippet from the RSS feed
Acronis Threat Research Unit (TRU) has been tracking two concurrent campaigns orchestrated by Mustang Panda targeting Indian government entities, delivering new malware implants and abusing Zoho WorkDrive, a legitimate cloud storage platform commonly used
