Supply chain attack targets Myanmar presidential office website

Supply chain attack targets Myanmar presidential office website

Myanmar presidential office website has been a target of a supply chain attack in which a threat actor injected malware inside a localized Myanmar font package available for download on the site’s front page, cybersecurity researchers at Slovak security firm ESET revealed.

The intrusion was discovered on June 2.

“In the archive, attackers added a Cobalt Strike loader [named] Acrobat.dll, that loads a Cobalt Strike shellcode,” ESET explained in a series of tweets.

The researchers were able to identify the loader’s command and control server (95.217.1[.]81). They said the loader shows similarities with other malware samples spread as attachments in spear-phishing emails used in past attacks against Myanmar targets.

These spear-phishing campaigns mainly targeted Myanmar, ESET said. The cybersecurity firm added that some findings, namely a timestamp in a .lnk file, suggest the Mustang Panda APT’s involvement in the recent attack, but at present they cannot confirm attribution.

Mustang Panda, also referred to as TA416 and RedDelta, has a history of hacking and espionage campaigns targeting organizations around the world and is known for the targeting of entities connected to the diplomatic relations between the Vatican and the Chinese Communist Party, along with entities in Myanmar.

Last year, researchers at Proofpoint discovered a Mustang Panda’s campaign against targets involved in negotiations about the operations of the Catholic Church in China. In the campaign the threat actor was observed using an updated toolset in order to evade detection, including a new version of the RedDelta PlugX malware written in Golang.


Back to the list

Latest Posts

Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025
Threat actors exploit Vercel's AI tool v0 to build sophisticated phishing pages

Threat actors exploit Vercel's AI tool v0 to build sophisticated phishing pages

The malicious actors used v0.dev to create fake login pages mimicking legitimate brands.
2 July 2025
Qantas alerts customers to potential data breach after third-party cyberattack

Qantas alerts customers to potential data breach after third-party cyberattack

Attackers accessed and exfiltrated data from the compromised platform.
2 July 2025