3 June 2021

Supply chain attack targets Myanmar presidential office website


Supply chain attack targets Myanmar presidential office website

Myanmar presidential office website has been a target of a supply chain attack in which a threat actor injected malware inside a localized Myanmar font package available for download on the site’s front page, cybersecurity researchers at Slovak security firm ESET revealed.

The intrusion was discovered on June 2.

“In the archive, attackers added a Cobalt Strike loader [named] Acrobat.dll, that loads a Cobalt Strike shellcode,” ESET explained in a series of tweets.

The researchers were able to identify the loader’s command and control server (95.217.1[.]81). They said the loader shows similarities with other malware samples spread as attachments in spear-phishing emails used in past attacks against Myanmar targets.

These spear-phishing campaigns mainly targeted Myanmar, ESET said. The cybersecurity firm added that some findings, namely a timestamp in a .lnk file, suggest the Mustang Panda APT’s involvement in the recent attack, but at present they cannot confirm attribution.

Mustang Panda, also referred to as TA416 and RedDelta, has a history of hacking and espionage campaigns targeting organizations around the world and is known for the targeting of entities connected to the diplomatic relations between the Vatican and the Chinese Communist Party, along with entities in Myanmar.

Last year, researchers at Proofpoint discovered a Mustang Panda’s campaign against targets involved in negotiations about the operations of the Catholic Church in China. In the campaign the threat actor was observed using an updated toolset in order to evade detection, including a new version of the RedDelta PlugX malware written in Golang.


Back to the list

Latest Posts

Security researcher published PoC exploit for Zoho ManageEngine ADAudit Plus bug

Security researcher published PoC exploit for Zoho ManageEngine ADAudit Plus bug

Using this vulnerability, a cybercriminal can get the remote access to sensitive information.
4 July 2022
Microsoft found Raspberry Robin worm in networks of hundreds of organizations

Microsoft found Raspberry Robin worm in networks of hundreds of organizations

While Raspberry Robin was first discovered in September 2021, it was active long before that.
4 July 2022
Half of 2022's 0-days are variants of 2021’s 0-days

Half of 2022's 0-days are variants of 2021’s 0-days

In the first half of 2022, Google’s Project Zero team identified eighteen 0-day vulnerabilities, and at least nine of them are variants of previously fixed flaws.
4 July 2022