Mustang Panda Intelligence Dashboard Immediately Available for ThreatConnect
Travis Meyers · 2026-01-28 · via ThreatConnect

Mustang Panda—also known in industry and government reporting as BASIN, BRONZE PRESIDENT, CAMARO DRAGON, EARTH PRETA, FIREANT, G0129, HIVE015, HoneyMyte, LUMINOUS MOTH, Polaris, RedDelta, STATELY TAURUS, TA416, TANTALUM, TEMP.HEX, TWILL TYPHOON, or UNC6384—is a highly active, state-sponsored Chinese cyber-espionage group assessed to operate under the People’s Republic of China (PRC). Active for over a decade, the group is distinguished by its high operational tempo and “volume over stealth” approach to espionage.

Mustang Panda has consistently targeted entities that intersect with Beijing’s geopolitical priorities, particularly government and diplomatic institutions, maritime logistics organizations, and religious institutions. Their campaigns demonstrate a persistent focus on intelligence collection related to foreign policy, trade routes, and sensitive diplomatic engagements.

Multiple cybersecurity vendors and government agencies assess with high confidence that Mustang Panda operates in alignment with PRC strategic objectives, based on victimology patterns, infrastructure choices, and activity timing that aligns with Chinese working hours (UTC+8).

The new Mustang Panda Dashboard in ThreatConnect offers security teams centralized visibility into this highly active and adaptable adversary.

Key Benefits:

  • Centralized Intelligence: Aggregates Mustang Panda-related IOCs, TTPs, malware families, and campaign telemetry from open sources, commercial feeds, and internal data.
  • Continuous Threat Tracking: Monitors real-time updates on actor infrastructure, targeting patterns, and evolving tradecraft.
  • Accelerated Incident Response: Provides enriched, contextual intelligence to reduce detection-to-response timelines.
  • Visual Reporting & Executive Insights: Interactive charts, timelines, and executive-ready dashboards support risk prioritization and communication.
  • Automated Correlation: Leverages ThreatConnect’s automation engine to map Mustang Panda indicators across intrusion sets, malware families, and victim profiles.

Mustang Panda’s consistent targeting of government, diplomatic, and maritime entities underscores the ongoing risk to sensitive political and economic interests worldwide. 

The Mustang Panda Dashboard equips defenders with the ability to visualize campaigns, correlate activity, and act decisively—directly within the ThreatConnect platform.

Note: To maximize the value of this dashboard, organizations may benefit from integration with premium threat intelligence sources such as Dataminr, Mandiant, Recorded Future, or CrowdStrike.

Lead Contributor – Travis Meyers, Customer Success Manager

To gain access to the Mustang Panda Dashboard, please connect with your Customer Success team or reach out to us through our contact form.

Further Resources

For more detailed information and resources on Salt Typhoon, please refer to the following:

| Resource | Description | Link |
| --- | --- | --- |
| MITRE | As a not-for-profit organization, MITRE acts in the public interest by delivering objective, cost-effective solutions to many of the world’s biggest challenges. | MITRE Article |
| The Hacker News | THN Media Private Limited, the parent organization behind The Hacker News (THN), stands as a top and reliable source for the latest updates in cybersecurity. As an independent outlet, we offer balanced and thorough insights into the cybersecurity sector, trusted by professionals and enthusiasts alike. | THN Article |
| Reuters | Reuters is the leading global source of news coverage. We have been licensing content and information to media organizations, technology companies, governments and corporations since 1851. | Reuters Article |

We urge all organizations to remain vigilant and proactive in their cybersecurity efforts. By implementing these recommendations, you can significantly reduce your risk and protect your critical assets.

Mustang Panda Known Exploited Vulnerabilities

| CVE ID | Product | Description |
| --- | --- | --- |
| CVE-2025-55182 | IoT / Web Apps | React2Shell: Critical flaw exploited by the RondoDox botnet (associated with Mustang Panda) to compromise IoT devices. |
| CVE-2025-14847 | MongoDB | MongoBleed: Active exploitation allowing unauthenticated attackers to coerce servers into leaking sensitive memory data. |
| CVE-2025-9491 | Windows UI | LNK Bypass: Confirmed extensive exploitation by Mustang Panda to deliver PlugX via malicious shortcut files. |
| CVE-2025-41244 | VMware Tools | Exploited alongside Windows flaws for privilege escalation and persistence. |
| CVE-2024-21893 | Ivanti Connect Secure | Authentication bypass used to deploy MetaRAT (PlugX variant) targeting shipping companies in Japan. |
| CVE-2024-0012 | Palo Alto PAN-OS | Exploited for authentication bypass, often leading to ransomware-like behavior or espionage. |
| CVE-2025-10585 | Google Chrome | Zero-day in the V8 engine, patched but actively exploited. |
| CVE-2023-4966 | Citrix NetScaler | Citrix Bleed: Session hijacking vulnerability used to bypass authentication. |
| CVE-2025-6202 | DRAM (Hardware) | Rowhammer Variant: Advanced hardware-level attack bypassing DDR5 protections. |

About the Author

Travis Meyers

Travis Meyers (he/him) is a Senior Customer Success Manager at ThreatConnect and has been supporting CTI teams since 2017. While mainly focusing on strategic enablement, he enjoys leaving his comfort zone and branching out into some of the more technical aspects when he can. Outside of work, he enjoys playing hockey, playing bass, and cooking elaborate meals from scratch.
