Over the past five months, the cyber espionage group Mustang Panda has been implicated in introducing malware aimed at gaining remote access to computer systems within cargo shipping companies based in Norway, Greece, and the Netherlands, including those potentially aboard cargo ships themselves. This revelation comes from ESET, a cybersecurity firm headquartered in Slovakia.
This development coincides with recent warnings from top officials in the UK and the US regarding an escalating cybersecurity threat emanating from China, particularly targeting critical infrastructure.
Mustang Panda, previously accused of espionage across Asia and Europe, has used similar malware tools in earlier operations. This type of malware, known as a “remote access trojan,” enables attackers to gain full control over a device after infiltrating it through various means such as email, malicious websites, vulnerable software, or unprotected machines.
According to researchers, this marks the first instance where evidence has surfaced linking a China-affiliated cyber espionage group to targeting commercial shipping.
Robert Lipovsky, principal threat intelligence researcher at ESET, emphasized the multiple, distinct attacks on unrelated organizations within the shipping sector, suggesting a significant interest in this industry from the attackers.
The extent of the cyber spying campaign, including the potential use of physically planted USB devices at companies or on ships, remains unclear.
At a cybersecurity conference in the UK, officials singled out China as the primary cyber threat. While acknowledging immediate concerns from Russia and Iran, the head of GCHQ, the UK’s cyber intelligence agency, underscored China’s substantial cyber capabilities and their implications for global security.
Similarly, the White House’s national cyber director emphasized China’s capacity to disrupt US civilian infrastructure through cyber espionage activities.
The Biden administration has accused China of conducting extensive cyber espionage under the moniker “Volt Typhoon,” targeting critical infrastructure. However, China has consistently denied such allegations from the US, UK, and other nations, dismissing them as exaggerated.
Officials at the conference noted a shift in China’s cyber tactics, moving from intellectual property theft to stealthily accessing critical utilities and infrastructure. This shift suggests a strategy aimed at gaining leverage in potential crises rather than solely focusing on information theft.