A Chinese-linked cyber actor, dubbed SmugX, attacked Foreign Affairs ministries and embassies in Europe. The actor employed HTML smuggling tactics to deploy the PlugX remote access trojan on compromised systems. The new PlugX variant has a payload similar to previous variants but uses improved delivery methods with lower detection rates.
Although the exact identity of the threat actor remains uncertain, current evidence points toward China-based Mustang Panda, a group that overlaps with the Earth Preta, RedDelta, and Camaro Dragon clusters. The HTML smuggling technique launches the malware through malicious documents attached to spear-phishing emails. The documents are crafted specifically to target diplomats and government employees in Czechia, Hungary, Ukraine, France, Sweden, Slovakia, and the United Kingdom.
Read More:
https://thehackernews.com/2023/07/chinese-hackers-use-html-smuggling-to.html