3 June 2021

Supply chain attack targets Myanmar presidential office website


Supply chain attack targets Myanmar presidential office website

Myanmar presidential office website has been a target of a supply chain attack in which a threat actor injected malware inside a localized Myanmar font package available for download on the site’s front page, cybersecurity researchers at Slovak security firm ESET revealed.

The intrusion was discovered on June 2.

“In the archive, attackers added a Cobalt Strike loader [named] Acrobat.dll, that loads a Cobalt Strike shellcode,” ESET explained in a series of tweets.

The researchers were able to identify the loader’s command and control server (95.217.1[.]81). They said the loader shows similarities with other malware samples spread as attachments in spear-phishing emails used in past attacks against Myanmar targets.

These spear-phishing campaigns mainly targeted Myanmar, ESET said. The cybersecurity firm added that some findings, namely a timestamp in a .lnk file, suggest the Mustang Panda APT’s involvement in the recent attack, but at present they cannot confirm attribution.

Mustang Panda, also referred to as TA416 and RedDelta, has a history of hacking and espionage campaigns targeting organizations around the world and is known for the targeting of entities connected to the diplomatic relations between the Vatican and the Chinese Communist Party, along with entities in Myanmar.

Last year, researchers at Proofpoint discovered a Mustang Panda’s campaign against targets involved in negotiations about the operations of the Catholic Church in China. In the campaign the threat actor was observed using an updated toolset in order to evade detection, including a new version of the RedDelta PlugX malware written in Golang.


Back to the list

Latest Posts

Cyber security week in review: January 27, 2023

Cyber security week in review: January 27, 2023

The world in brief: the FBI dismantles the Hive ransomware operation, the League of Legend source code stolen in a hacker attack, and more.
27 January 2023
Hackers increasingly abusing RMM software for nefarious purposes

Hackers increasingly abusing RMM software for nefarious purposes

Hackers can use legitimate RMM software as a backdoor for persistence and/or command and control.
26 January 2023
GoTo says hackers stole encrypted backups, an encryption key

GoTo says hackers stole encrypted backups, an encryption key

The company said it found no evidence that other GoTo products or any of its production systems were affected.
25 January 2023