New APT Targeted Attack Campaign Targeting Vietnam Discovered

The Department of Information Security (Ministry of Information and Communications) has just issued a warning about new attack campaigns by the "Mustang Panda" group targeting Vietnam.

Specifically, in the process of monitoring information security in cyberspace, recently the National Cyber ​​Security Monitoring Center - NCSC under the Department has discovered and recorded illegal attacks by the "Mustang Panda" group in campaigns targeting organizations in Vietnam.

The group’s new campaign uses lures around education and taxation, uses multiple approaches, and leverages tools like “forfiles.exe” to execute malicious files stored on the C&C server. The group targets government organizations, non-profit organizations, educational institutions, etc.

Experts' analysis also showed that two attack campaigns by the "Mustang Panda" group recorded in April and May targeting organizations and businesses in Vietnam used text files with content related to tax authorities and educational institutions. Both campaigns had in common that they originated from phishing emails with malicious file attachments.

To ensure information security for the unit's information system, contributing to ensuring the safety of Vietnam's cyberspace, the Department of Information Security requests specialized information technology and information security units of ministries, branches and localities; state-owned corporations and groups; enterprises providing telecommunications, Internet and digital platform services, and financial institutions and commercial banks to conduct inspections and reviews of information systems under their management that may be affected by attack campaigns carried out by the "Mustang Panda" group.

Agencies, organizations and businesses also need to proactively monitor information related to the campaign to prevent and avoid the risk of being attacked.

At the same time, strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks, and regularly monitor warning channels of authorities as well as large information security organizations to promptly detect cyber attack risks.

“If necessary, units can contact the support contact of the Department of Information Security, the National Cyber ​​Security Monitoring Center - NCSC, at phone number 02432091616, and email ncsc@ais.gov.vn,” the Department of Information Security's warning stated.

APT targeted attacks have been predicted by information security experts to be one of the prominent attack trends in 2024 and the following years, along with distributed denial of service attacks - DDoS and ransomware attacks.

"Mustang Panda" is known as one of the APT attack groups that has carried out many targeted attack campaigns on agencies and organizations in the Southeast Asia region, including Vietnam.

The Vietnam Information Security Report for the first quarter of 2024 conducted by Viettel Cyber ​​Security assessed Mustang Panda as one of the four APT attack groups that have a major impact on organizations and businesses in Vietnam. Viettel Cyber ​​Security experts also commented that although the amount of malware spread by "Mustang Panda" has decreased, it is more sophisticated. This group has changed and improved many techniques to make it difficult to detect and investigate attacks.