BBS:      TELESC.NET.BR
Subject:  Chinese hackers return
From:     Mike Powell
Date:     Fri, 15 May 2026 09:45:08 -0500
-----------------------------------------------------------
'Infrastructure rotates and payloads can change, but the execution model 
persists': Chinese hackers return to target victims across Asia with new 
MustangPanda threat

Date:
Fri, 15 May 2026 10:18:14 +0000

Description:
Researchers spotted an updated version of the FDMTP backdoor being deployed 
through DLL sideloading.

FULL STORY
Chinese state-sponsored threat actors are targeting organizations across the 
Asia-Pacific region, as well as Japan, with an updated version of a known 
backdoor, experts have warned.

A new threat intelligence report by security researchers Darktrace found as 
of late September 2025, and all the way through April 2026, a hacking 
collective called Twill Typhoon (or Mustang Panda) has been targeting 
organizations - including at least one finance-sector company - with a 
backdoor called FDMTP (now at version 3.2.5.1). To deliver FDMTP, the 
attackers used DLL sideloading. Using spear-phishing, they would deliver a 
ZIP file with a legitimate, trusted program (in this case, a popular Chinese 
language input method editor called Sogou Pinyin) alongside a malicious DLL 
with the same name. When the victim runs the program, it loads the malicious 
DLL instead of the legitimate one, granting the attackers access and the 
ability to deploy the backdoor.

They also impersonate well-known CDN infrastructure such as Yahoo and Apple 
to make their traffic blend in with normal web activity and thus avoid being 
spotted. 

Once inside, FDMTP establishes a connection to the attacker-controlled C2, 
collects detailed system information (antivirus software, user accounts, 
and more), and installs modular plugins that let attackers remotely run 
commands, manage files, manipulate system processes, or maintain persistent 
access.

This approach is consistent with broader China-nexus tradecraft, Darktrace 
said in the report. The stable feature of this activity is behavioral. 
Infrastructure rotates and payloads can change, but the execution model 
persists. For defenders, the implication is straightforward: detection 
anchored to individual indicators will degrade quickly. Detection anchored to 
a behavioral sequence offers a far more durable approach.

In other words, businesses need detection systems that recognize that 
sequence rather than specific known-bad indicators.

Link to news story:
https://www.techradar.com/pro/security/infrastructure-rotates-and-payloads-can-change-but-the-execution-model-persists-chinese-hackers-return-to-target-victims-across-asia-with-new-mustangpanda-threat

$$
--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)

-----------------------------------------------------------