• 'Infrastructure rotates and payloads can change, but the executio

    From TechnologyDaily@1337:1/100 to All on Friday, May 15, 2026 11:30:24
    'Infrastructure rotates and payloads can change, but the execution model persists': Chinese hackers return to target victims across Asia with new MustangPanda threat

    Date:
    Fri, 15 May 2026 10:18:14 +0000

    Description:
    Researchers spotted an updated version of the FDMTP backdoor being deployed through DLL sideloading.

    FULL STORY ======================================================================
    - Darktrace reported Twill Typhoon (Mustang Panda) targeting Asia-Pacific and Japan with updated FDMTP backdoor v3.2.5.1
    - Attackers used DLL sideloading via spear-phished ZIPs bundling Sogou Pinyin with a malicious DLL, and impersonated Yahoo/Apple CDN traffic
    - FDMTP gathers system info and installs plugins for remote control and persistence; researchers stress behavioral detection over static indicators

    Chinese state-sponsored threat actors are targeting organizations across the Asia-Pacific region, as well as Japan, with an updated version of a known backdoor, experts have warned.

    A new threat intelligence report by security researchers Darktrace found that from late September 2025 all the way through April 2026, a hacking collective called Twill Typhoon (or Mustang Panda) has been targeting organizations - including at least one finance-sector company - with a backdoor called FDMTP (now at version 3.2.5.1). To deliver FDMTP, the attackers used DLL sideloading. Using spear-phishing, they would deliver a ZIP file containing a legitimate, trusted program (in this case, a popular Chinese language input method editor called Sogou Pinyin) alongside a malicious DLL carrying the same name as one the program expects. When the victim runs the program, it loads the malicious DLL instead of the legitimate one, granting the attackers access and the ability to deploy the backdoor.

    Execution model persists
    They also impersonate well-known CDN infrastructure such as Yahoo and Apple
    to make their traffic blend in with normal web activity and thus avoid being spotted.

    Once inside, FDMTP establishes a connection to the attacker-controlled C2, collects detailed system information (antivirus software, user accounts, and more), and installs modular plugins that let attackers remotely run commands, manage files, manipulate system processes, or maintain persistent access.

    This approach is consistent with broader China-nexus tradecraft, Darktrace said in the report. The stable feature of this activity is behavioral. Infrastructure rotates and payloads can change, but the execution model persists. For defenders, the implication is straightforward: detection anchored to individual indicators will degrade quickly. Detection anchored to a behavioral sequence offers a far more durable approach.
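    The following is an added illustration, not code from the article or from Darktrace, of what "detection anchored to a behavioral sequence" can look like for the sideloading chain described above: a signed executable in a user-writable folder loads an unsigned DLL from its own directory, then the same process opens an outbound connection. The telemetry is constructed Sysmon-style records (field names, paths and hosts are assumptions, not indicators from the report), and no DLL or domain name list is involved.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")
C2_WINDOW = timedelta(minutes=5)

# Constructed Sysmon-style telemetry (field names assumed; paths and hosts are placeholders).
EVENTS = [
    {"t": "2026-04-02T09:00:01", "type": "image_load", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\pkg\TrustedApp.exe", "image_signed": True,
     "loaded": r"C:\Users\alice\AppData\Local\Temp\pkg\helper.dll", "loaded_signed": False},
    {"t": "2026-04-02T09:00:03", "type": "image_load", "pid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\pkg\TrustedApp.exe", "image_signed": True,
     "loaded": r"C:\Windows\System32\kernel32.dll", "loaded_signed": True},
    {"t": "2026-04-02T09:00:40", "type": "network_connect", "pid": 4120,
     "dest_host": "cdn.example-lookalike.invalid", "dest_port": 443},
    {"t": "2026-04-02T09:10:00", "type": "image_load", "pid": 5000,
     "image": r"C:\Program Files\Vendor\Editor.exe", "image_signed": True,
     "loaded": r"C:\Program Files\Vendor\plugin.dll", "loaded_signed": True},
    {"t": "2026-04-02T09:10:05", "type": "network_connect", "pid": 5000,
     "dest_host": "updates.vendor.invalid", "dest_port": 443},
]

def is_suspicious_sideload(ev):
    """Stage 1: a signed EXE in a user-writable directory loads an unsigned DLL
    from its own directory. Name-agnostic, so rotating DLL names do not evade it."""
    if ev["type"] != "image_load" or not ev["loaded"].lower().endswith(".dll"):
        return False
    exe, dll = PureWindowsPath(ev["image"]), PureWindowsPath(ev["loaded"])
    same_dir = exe.parent == dll.parent
    writable = any(m in str(exe.parent).lower() for m in USER_WRITABLE)
    return same_dir and writable and ev["image_signed"] and not ev["loaded_signed"]

def detect_sideload_then_beacon(events):
    """Stage 2: correlate the sideload with an outbound connection from the same
    process within C2_WINDOW. Returns one alert dict per completed sequence."""
    ts = lambda ev: datetime.fromisoformat(ev["t"])
    staged = {}  # pid -> (time, dll path) of the most recent suspicious load
    alerts = []
    for ev in sorted(events, key=ts):
        if is_suspicious_sideload(ev):
            staged[ev["pid"]] = (ts(ev), ev["loaded"])
        elif ev["type"] == "network_connect" and ev["pid"] in staged:
            t0, dll = staged.pop(ev["pid"])
            if ts(ev) - t0 <= C2_WINDOW:
                alerts.append({"pid": ev["pid"], "dll": dll,
                               "dest": f'{ev["dest_host"]}:{ev["dest_port"]}'})
    return alerts

if __name__ == "__main__":
    for alert in detect_sideload_then_beacon(EVENTS):
        print("ALERT sideload->beacon", alert)
```

    The benign vendor process (pid 5000) also loads a DLL from its own directory and then talks to the network, but its DLL is signed and its install path is not user-writable, so only the first chain is raised.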

    In other words, businesses need detection systems that recognize that sequence rather than specific known-bad indicators.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/infrastructure-rotates-and-payloads-can-change-but-the-execution-model-persists-chinese-hackers-return-to-target-victims-across-asia-with-new-mustangpanda-threat


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)