w-tan-cong-mang-1-1.jpg
Organizations nationwide, including enterprises providing telecommunications and Internet services, are required to check systems that are likely to be affected by attack campaigns. Illustration photo: L. Anh

Agencies, organizations, and enterprises across the country are advised to check and review their information systems for potential vulnerabilities.

Information security experts have identified APT targeted attacks as a major threat for 2024 and beyond, along with distributed denial of service (DDoS) attacks and ransomware. 'Mustang Panda' is known for executing numerous targeted attack campaigns against organizations in Southeast Asia, including Vietnam.

According to a report by Viettel Cyber Security for the first quarter of 2024, Mustang Panda is one of four significant APT groups impacting Vietnamese organizations and businesses. The report noted that although the quantity of malware from 'Mustang Panda' has decreased, the group's techniques have become more sophisticated, making detection and investigation more challenging.

The National Cyber Security Monitoring Center (NCSC) discovered illegal activities by 'Mustang Panda' targeting Vietnamese organizations. The group's recent campaign exploits 'lures' related to education and tax, employing various tactics and tools such as 'forfiles.exe' to execute malicious files from Command and Control (C&C) servers. Their targets include government, non-profit, and educational organizations.

Experts observed that the April and May campaigns utilized text files with content pertaining to tax and educational institutions, originating from phishing emails with malicious attachments.

To safeguard information systems, the Department of Information Security urges specialized IT and information security units across ministries, state-owned corporations, telecommunications and internet service providers, digital platforms, financial institutions, and commercial banks to inspect and review their systems for potential impacts from the 'Mustang Panda' attacks.

Organizations are advised to monitor relevant information, strengthen monitoring, prepare response plans, and regularly check warning channels from functional agencies and major information security organizations to promptly detect cyber attack risks.

For support, units can contact the Department of Information Security and the NCSC at phone number 02432091616, or via email at [email protected].

Van Anh