Mustang Panda Targets Indian Government and Hydropower Groups via Zoho WorkDrive Abuse
By CybersecurityNews
Summary
Mustang Panda, a threat actor group, is targeting Indian government and hydropower organizations using spear-phishing and sideloading malware. The group is abusing Zoho WorkDrive as a covert command-and-control channel to hide malicious traffic within legitimate cloud activity. Acronis identified three associated tools—SHARDLOADER, MINIRECON, and ZOHOMURK—and released indicators of compromise to aid defenders.
Source
bsky: Mustang Panda Targets Indian Government and Hydropower Groups via Zoho WorkDrive Abuse (hendryadrian.com)
Key quotes
Mustang Panda is targeting Indian government and hydropower-related organizations with spear-phishing, sideloading malware, and abuse of Zoho WorkDrive as a covert command channel.
Acronis linked the activity to three tools—SHARDLOADER, MINIRECON, and ZOHOMURK—and published indicators to help defenders detect the campaign.
The group abused Zoho WorkDrive to hide command-and-control traffic inside normal cloud activity.