Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

China-Linked Mustang Panda Targets Routers

May 17, 2023
Reading Time: 2 mins read
in Alerts
China-Linked Mustang Panda Targets Routers

 

Since January 2023, the China-linked cyberespionage group Mustang Panda has been carrying out targeted attacks against European foreign affairs entities using a custom firmware implant, according to Check Point Research.

Mustang Panda, also known as Camaro Dragon or “Bronze President,” has been active since at least 2012 and has previously targeted American and European government organizations, think tanks, NGOs, and even Catholic organizations at the Vatican.

In their recent attacks, the threat actors utilized a custom firmware implant called Horse Shell, which includes a backdoor enabling persistence, anonymous infrastructure building, and lateral movement within compromised networks.

The Horse Shell backdoor, inserted into modified firmware by the attackers, is designed to be firmware-agnostic, allowing it to target various firmware from different vendors. The backdoor provides functionalities such as remote shell execution, file transfer capabilities, and SOCKS tunneling for relaying communication between different clients.

While the deployment method of the firmware images on the compromised routers remains unknown, it is believed that the attackers exploit known vulnerabilities or use weak passwords to gain access to the devices.

The ultimate goal of the threat actors is to create a chain of nodes between main infections and a real command-and-control (C2) server, utilizing arbitrary devices with no specific interest, including residential and home networks. The Horse Shell component communicates with its peers and server using a specified port, typically 80, and employs HTTP communication with custom headers.

The communication is encrypted using a modified encryption scheme based on the Substitution-Permutation Network. The network is designed to be resilient, ensuring that compromising a single node in the chain does not bring down the entire network.

The discovery of the firmware-agnostic nature of the implanted components indicates that a wide range of devices and vendors may be at risk. Users are advised to remain vigilant, update their firmware to the latest version, and implement strong passwords to protect against these targeted attacks.

Reference:
  • THE DRAGON WHO SOLD HIS CAMARO: ANALYZING CUSTOM ROUTER IMPLANT
Tags: BackdoorChinaCyber AlertCyber Alerts 2023cyberespionageMay 2023Mustang PandaNGOsRoutersTP-LinkVulnerabilities
ADVERTISEMENT

Related Posts

Open VSX Flaw Allowed Extension Hijacks

Open VSX Flaw Allowed Extension Hijacks

June 27, 2025
Open VSX Flaw Allowed Extension Hijacks

nOAuth Flaw Allows Easy Account Takeover

June 27, 2025
Open VSX Flaw Allowed Extension Hijacks

Unpatchable Flaw In Hundreds Of Printers

June 27, 2025
New Malware Uses Prompts To Trick AI Tools

Fake Job Offers Hide North Korean Malware

June 26, 2025
New Malware Uses Prompts To Trick AI Tools

New Malware Uses Prompts To Trick AI Tools

June 26, 2025
New Malware Uses Prompts To Trick AI Tools

New Zero Day Flaw Hits Citrix NetScaler

June 26, 2025

Latest Alerts

nOAuth Flaw Allows Easy Account Takeover

Unpatchable Flaw In Hundreds Of Printers

Open VSX Flaw Allowed Extension Hijacks

Fake Job Offers Hide North Korean Malware

New Malware Uses Prompts To Trick AI Tools

New Zero Day Flaw Hits Citrix NetScaler

Subscribe to our newsletter

    Latest Incidents

    Hawaiian Airlines Hit By Cyberattack

    Qilin Ransomware Gang Hacks Estes Freight

    Generali Customer Data Exposed In Hack

    Resupply DeFi Protocol Hacked For $9.6M

    Cyberattack Hits South Tyrol Emergency Ops

    UK’s Glasgow City Council Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial