China-Linked Cyber Attackers Target South African Job Seekers

Trellix, a leading cybersecurity company, has confirmed the existence of a China-based threat actor known as Mustang Panda, alleged to have been targeting South African telecommunications, banks, and job seekers through fake recruitment sites. According to data gathered by Trellix, there has been a consistent surge in threats during the first quarter of 2022, which it says is not unusual for that time of year, since it falls right around the holidays.

The nature of these cybercrimes has, however, been very alarming, according to the cybersecurity company. Trellix revealed during its cyber intelligence briefing for South Africa on Wednesday that cybercriminals have been especially active during 2022.

John Fokker, head of cyber investigations and principal engineer at Trellix

Among these cybercriminals, the most dominant is the group Mustang Panda, which sometimes goes by the names “RedDelta” or “Bronze President”.


“Mustang Panda is quite prolific in South Africa for the last three months,” said Carlo Bolzonello, South Africa country lead for Trellix, during Wednesday’s briefing.

“From a South African perspective, they’ve been very active in the last three months around the banking and wealth management sector,” he added.

John Fokker, head of cyber investigations and principal engineer at Trellix, alleged that Mustang Panda is believed to support the Chinese government.

“In the past, especially in Europe, there was a big debate around 5G and about replacing 5G technology with specific Chinese-built technology at the core. And from a security perspective, this was a big debate,” Fokker said.


Fokker said they observed that Mustang Panda was targeting telecommunications sectors in countries where this debate was big.

“And how they actually did it… they did actually have a fake career site, so we assume they posed as recruiters trying to recruit individuals with technical knowledge within the telecommunications sector and persuade them to open a file and then infect their computer,” Fokker explained.

Bolzonello added that although the attacks on the South African telecommunications sector have only been realised recently, they were also witnessed during the big debate around 5G technology.


“Mustang Panda is there to collect data, stick around, and exfiltrate data out and that data could be used for numerous different things,” said Bolzonello.

Kelechi Deca

Kelechi Deca has over two decades of media experience. He has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry.