Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
Summary
The China-aligned threat actor Mustang Panda is conducting espionage campaigns targeting the Indian government and hydropower entities. They are deploying new malware and utilizing Zoho WorkDrive as a command and control channel to exfiltrate data.
IFF Assessment
This article details the activities of a sophisticated threat actor targeting government infrastructure, representing a significant risk to national security and data confidentiality.
Defender Context
Defenders should be aware of Mustang Panda's evolving tactics, particularly their use of legitimate cloud services like Zoho WorkDrive for command and control, which can make detection more challenging. Monitoring for anomalous activity within cloud storage services and ensuring strong authentication for critical government systems are crucial mitigation steps.