A cyber espionage group linked to China, known as Mustang Panda, has been accused of deploying malware over the past five months to infiltrate computer systems of cargo shipping companies in Norway, Greece, and the Netherlands. The Slovakia-based cybersecurity firm ESET revealed that the malware was even found aboard some of the cargo ships themselves.
Mustang Panda, which has a history of espionage against governments and organizations across Asia and more recently in Europe, used a remote access trojan (RAT) that grants attackers full access to infected devices, allowing them to issue commands remotely. The malware typically infiltrates systems via email phishing, malicious websites, vulnerable software, or unprotected machines.
“This is the first time we've seen evidence of a China-linked cyber espionage group targeting commercial shipping,” Robert Lipovsky, principal threat intelligence researcher at ESET, told NBC. “We haven't seen this in the past. It shows a clear interest in this sector. These were not isolated incidents but several distinct attacks on different, unrelated organizations.”
The specifics of how the malware was introduced to the systems remain unclear, including whether USB devices were physically planted at the companies or on the ships.