Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1 www.zscaler.com/blogs/sec…

The Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily in countries located in East Asia, but they have also been known to target entities in Europe. This blog post is the first in a two-part series that covers new variants of ToneShell and a new tool that we have named StarProxy, both found on Mustang Panda’s staging server. The second part of the blog explores two keyloggers and an EDR evasion driver, also hosted on the same staging server.

See also: Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2 www.zscaler.com/blogs/sec…
