APT targeted attacks are one of the prominent attack trends in 2024 and beyond, along with distributed denial of service attacks - DDoS and ransomware attacks.

'Mustang Panda' is known as one of the APT attack groups that has carried out many targeted attack campaigns on agencies and organizations in the Southeast Asia region, including Vietnam.

Viettel Cyber ​​Security reported on Vietnam's information security situation in the first quarter of 2024, in which Mustang Panda is one of the four APT attack groups that have a great impact on organizations and businesses in Vietnam.

Although the amount of malware distributed by 'Mustang Panda' has decreased, it has become more sophisticated. The group has changed and improved many techniques to make it difficult to detect and investigate attacks.

The Department of Information Security (Ministry of Information and Communications) has just issued a warning about new attack campaigns by the 'Mustang Panda' group targeting Vietnam.

Specifically, the new attack campaign of the 'Mustang Panda' group uses 'lures' revolving around the education and tax sectors, applies multiple approaches, and takes advantage of tools such as 'forfiles.exe' to execute malicious files stored on the C&C server. The group's targets are government organizations, non-profit organizations, educational organizations, etc.

Experts' analysis also showed that two attack campaigns by the 'Mustang Panda' group recorded in April and May targeting organizations and businesses in Vietnam used text files with content related to tax authorities and educational institutions. Both campaigns had in common that they originated from phishing emails with malicious file attachments.

To ensure information security for the unit's information system, contributing to ensuring the safety of Vietnam's cyberspace, the Department of Information Security requests specialized IT and information security units of ministries, branches and localities; State-owned corporations and groups; Enterprises providing telecommunications, Internet and digital platform services, and financial institutions and commercial banks to conduct inspections and reviews of information systems under their management that may be affected by attack campaigns carried out by the 'Mustang Panda' group.

Agencies, organizations and businesses also need to proactively monitor information related to the campaign to prevent and avoid the risk of being attacked. At the same time, strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks, and regularly monitor the warning channels of competent authorities as well as large information security organizations to promptly detect cyber attack risks.

“If necessary, units can contact the support contact of the Department of Information Security, the National Cyber ​​Security Monitoring Center - NCSC, at phone number 02432091616, and email [email protected],” the warning of the Department of Information Security clearly stated.