Mustang Panda targets Indian government and energy sectors with new SHARDLOADER malware via Zoho WorkDrive abuse
Summary
Acronis Threat Research Unit (TRU) has identified two espionage campaigns by the Mustang Panda threat actor targeting India's hydropower sector and government entities. The campaigns use lure documents themed around cooperation agreements between Indian and Taiwanese institutions, distributed in compressed archives. These deliver previously undocumented DLL-based loaders tracked as SHARDLOADER. One variant decrypts and launches MINIRECON, a new implant derived from the Toneshell malware family, while the second variant delivers ZOHOMURK, which abuses Zoho WorkDrive (a legitimate cloud storage platform used by the Indian government) for command-and-control communications.
Key quotes
Acronis TRU has identified two espionage-focused campaigns targeting India's hydropower sector and government entities, using lure documents themed around cooperation agreements between Indian and Taiwanese institutions.
Both campaigns delivered previously undocumented DLL-based loaders, which we track as SHARDLOADER, through hydropower- and government-themed lure documents distributed in compressed archives.
Upon execution, one SHARDLOADER variant decrypts and launches MINIRECON, a newly identified implant derived from the Toneshell malware family.