China-linked Cyber Attackers Target SA Job Seekers, Trellix Confirms

Sourced from International IDEA

Trellix, a cybersecurity company, has confirmed that a China-based threat actor known as Mustang Panda has allegedly been targeting South African telecommunications, banks, and job seekers through fake recruitment sites.

According to Business Insider SA, data gathered by Trellix shows a consistent surge in threats during the first quarter of 2022, which the company says is not unusual for that time of year, given that it falls right around the holidays.

The nature of these cybercrimes has, however, been very alarming, according to the cybersecurity company. Trellix revealed during its cyber intelligence briefing for South Africa on Wednesday that cybercriminals have been especially active during 2022.

Among these cybercriminals, the most dominant is the group Mustang Panda, which sometimes goes by the names “RedDelta” or “Bronze President”.

“Mustang Panda is quite prolific in South Africa for the last three months,” said Carlo Bolzonello, South Africa country lead for Trellix, during Wednesday’s briefing.

“From a South African perspective, they’ve been very active in the last three months around the banking and wealth management sector,” he added.

John Fokker, head of cyber investigations and principal engineer at Trellix, alleged that Mustang Panda is believed to support the Chinese government.

“In the past, especially in Europe, there was a big debate around 5G and about replacing 5G technology with specific Chinese-built technology at the core. And from a security perspective, this was a big debate,” Fokker said.

Fokker said they observed that Mustang Panda was targeting telecommunications sectors in countries where this debate was big.

“And how they actually did it… they did actually have a fake career site, so we assume they posed as recruiters trying to recruit individuals with technical knowledge within the telecommunications sector and persuade them to open a file and then infect their computer,” Fokker explained.

Bolzonello added that although the attacks on the South African telecommunications sector have only been realised recently, they were also witnessed during the big debate around 5G technology.

“Mustang Panda is there to collect data, stick around, and exfiltrate data out and that data could be used for numerous different things,” said Bolzonello.

By Zintle Nkohla 
