Mustang Panda Cyber Espionage Group Targets Cargo Shipping Companies, ESET Report Reveals

The cyber espionage group known as Mustang Panda has been making headlines after a recent report revealed their targeted attacks on cargo shipping companies based in Norway, Greece, and the Netherlands. According to the Slovakia-based cyber security firm ESET, the group introduced malware over the past five months to gain remote access to computer systems, including those aboard cargo ships themselves.

This revelation comes amidst growing concerns about cybersecurity threats from China, with top U.K. and U.S. officials issuing warnings about the country’s activities, particularly in critical infrastructure. Mustang Panda, which has a history of espionage activities across Asia and Europe, has been using a type of malware known as a “remote access trojan” to infiltrate devices and issue commands after gaining initial access through various means such as emails, malicious websites, or vulnerable software.

Robert Lipovsky, principal threat intelligence researcher at ESET, noted that this was the first time evidence had emerged of a China-linked cyber espionage group targeting commercial shipping. He emphasized that these were not isolated incidents but rather multiple attacks on different organizations within the sector.

Despite the accusations, a spokesman for China’s embassy in Washington denied any involvement in cyber espionage activities, stating that China opposes groundless accusations and is actually a victim of cyber attacks itself. However, at a cybersecurity conference in the U.K., officials highlighted the increasing threat posed by Chinese cyber capabilities, with China being described as the “epoch-defining challenge” in terms of cybersecurity.

The head of GCHQ, the U.K.’s cyber intelligence agency, warned that China’s advanced cyber capabilities and growing network of hacking outfits posed a significant risk to international security. Similarly, White House national cyber director Harry Coker raised concerns about China’s ability to disrupt civilian infrastructure in the U.S. during a crisis or conflict scenario.

The Biden administration has accused China of engaging in massive espionage efforts, including the “Volt Typhoon” operation targeting critical infrastructure. Despite denials from China, British and U.S. officials at the conference highlighted the shift in China’s cyber tactics towards gaining stealthy access to critical utilities and infrastructure organizations for potential leverage in future crises.

Overall, the revelations about Mustang Panda’s activities and the broader concerns about Chinese cyber capabilities underscore the ongoing challenges in the realm of cybersecurity and the need for increased vigilance and cooperation among nations to address these threats.