URL has been copied successfully!
Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT


Tags: , , , , , , , , ,

Mustang Panda is using a fake “Browser Updater” and a multi”‘stage LNKPowerShell loader to sideload PlugX through a legitimate G DATA antivirus binary, ultimately beaconing over HTTPS to a hard”‘coded C2 while hiding configuration and strings behind layered encryption and API hashing. Mustang Panda is a China”‘nexus APT group, long associated with PlugX remote access […] The post Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/mustang-panda-uses-lnk/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
  2. Dust Specter APT Targets Government Officials in Iraq
  3. 25 on 2025: APAC security thought leaders share their predictions and aspirations
  4. Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign