Date: 2022-09-10

A Chinese cyberespionage group named Bronze President, which also goes by the name Mustang Panda, has been using malware named PlugX to target the computers of political leaders across the globe.

Secureworks Counter Threat Unit (CTU), a company that analyses threat data across the planet, observed a series of attacks in the month of July that used the PlugX malware. Government officials in Europe, West Asia, and South America were reportedly targeted.

According to CTU, the footprint of the attack bore similarities to previous attacks by Bronze President. The Chinese espionage group imitated official diplomatic notices to lure the government officials.

“Several characteristics of this campaign indicate that it was conducted by the likely Chinese government-sponsored Bronze President threat group, including the use of PlugX, file paths and naming schemes previously used by the threat group, the presence of shellcode in executable file headers, and politically themed decoy documents that align with regions where China has interests,” the CTU research team wrote in a statement.

Explaining that the PlugX malware had capabilities beyond just information gathering, the CTU team further added:

"PlugX is modular malware that contacts a command and control (C2) server for tasking and can download additional plugins to enhance its capability beyond basic information gathering."

It is pertinent to note that the malware usually arrived on the victim's computer embedded within RAR archive files. Upon opening the archive, the user is shown a Windows shortcut (LNK) file.

Once the user clicks on the LNK file, the PlugX malware is loaded, decrypted and executed on the system. The researchers stated that a Turkish official was recently targeted using a similar modus operandi.

The official received a notification letter, supposedly from the UK government, informing them of the appointment of a new ambassador. However, the truth is there has been no change in the personnel. Opening the mail could have compromised the official.
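For defenders, the RAR-to-LNK delivery chain described above can be triaged by file content rather than by file name. The sketch below is an added example, not code from Secureworks or from the original report. It recognises RAR archives and Windows shortcut headers by their signatures and notes shortcuts that carry command-line arguments. The sample names and bytes are constructed, and the function names are hypothetical.

```python
import struct

RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x and RAR 5
LNK_HEADER_SIZE = 0x4C  # ShellLinkHeader is always 76 bytes
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit: shortcut carries command-line arguments


def classify(data: bytes) -> str:
    """Identify a file by its content, ignoring its name or extension."""
    if data.startswith(RAR_MAGICS):
        return "rar"
    if (len(data) >= LNK_HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
            and data[4:20] == LNK_CLSID):
        return "lnk"
    return "other"


def triage(name: str, data: bytes) -> list[str]:
    """Return findings for one mail attachment or extracted archive member."""
    findings = []
    kind = classify(data)
    if kind == "rar":
        findings.append(f"{name}: RAR archive, extract in a sandbox and triage members")
    elif kind == "lnk":
        findings.append(f"{name}: Windows shortcut (LNK) delivered as a file")
        flags = struct.unpack_from("<I", data, 20)[0]  # LinkFlags at offset 20
        if flags & HAS_ARGUMENTS:
            findings.append(f"{name}: shortcut carries command-line arguments")
    return findings


def make_lnk_header(flags: int) -> bytes:
    """Build a constructed 76-byte ShellLinkHeader for the samples below."""
    return (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
            + struct.pack("<I", flags) + bytes(52))


# Constructed samples, not taken from the campaign.
SAMPLES = {
    "notice.rar": RAR_MAGICS[1] + bytes(16),
    "notice.lnk": make_lnk_header(HAS_ARGUMENTS),
    "readme.txt": b"plain text",
}

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES.items():
        for finding in triage(sample_name, sample_data):
            print(finding)
```
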

The cybersecurity firm advised that countries and organisations that China has an interest in could be most at risk of being targeted, and thus needed to be aware of the group's activities.

“Organisations in geographic regions of interest to China should closely monitor this group’s activities, especially organisations associated with or operating as government agencies,” read the statement.

(With inputs from agencies)