Mustang Panda Targets Tibetan Community with DLL Side-Loading

Cyber Security News by CyberSum.net

Published on October 8, 2025 at 11:23 PM

12 sources

A new phishing campaign by Mustang Panda targets the Tibetan community using a DLL side-loading technique. The attack begins with a ZIP file containing a decoy executable and a hidden DLL. The DLL, marked with file attributes to stay invisible, is loaded by the executable to deploy the final payload. The campaign uses persistence mechanisms and API hashing to evade detection.

Also Read

New GNU/Linux Rootkit LinkPro Discovered in AWS Infrastructure

An investigation into a compromised AWS-hosted infrastructure revealed a new GNU/Linux rootkit called LinkPro. The attackers exploited a vulnerable Jenkins server (CVE-2024-23897) to deploy a malicious Docker image on Kubernetes clusters. The rootkit, written in Golang, features eBPF modules for concealment and remote activation, allowing attackers to gain persistence and execute commands. The sophisticated malware supports multiple communication protocols and uses a 'magic packet' for activation. The threat actors are suspected to be financially motivated.

By Cyber Security News by CyberSum.netOctober 17, 2025 at 06:00 AM