China threat group accused of hospital espionage in Europe


Mustang Panda is being blamed for a malware infection at a hospital in Europe. Also known as Camaro Dragon, the threat actor is believed to be an espionage group working for China.

The claim was made by Check Point, a Western-affiliated cybersecurity company, after it investigated a suspected cyber-infection at the hospital earlier this year.


Mustang Panda is thought by analysts to focus primarily on targets in Southeast Asia, but in the interconnected cyber world, attacks can have global collateral damage.

“The malware gained access to the healthcare institution systems through an infected USB drive,” said Check Point. “In this way, malware infections originating in Southeast Asia spread uncontrollably to different networks around the globe, even if those networks are not the threat actors’ primary targets.”

It all started at a healthcare conference in Asia. An employee of a hospital in Europe used their USB stick to share information with an international colleague. What they didn’t realize was that the computer they were plugging into had been infected.

As a result, the European healthcare worker’s USB was infected too, and they unwittingly brought the malware back home.

“Upon returning to his home hospital in Europe, the employee introduced the infected USB drive to the hospital’s computer systems, which led the infection to spread,” said Check Point.

“The investigation showed that the malicious activity observed was likely not targeted but was simply collateral damage from Camaro Dragon’s self-propagating malware infections spreading via USB drives,” said Check Point.

It added: “Camaro Dragon is a Chinese-based espionage threat actor whose operations are actively focused on Southeast Asian countries and foreign entities related to them.”

Check Point believes the threat actor’s cyber espionage methodology bears a close resemblance to that used by Mustang Panda and LuminousMoth, leading it to conclude that the three are likely one and the same; cyber groups often go by more than one name or alias.


What does appear to be different is the toolkit being used by the threat actors, which Check Point says now includes more virulent tools, including WispRyder and HopperTick, “that allow the malware to spread uncontrollably.”

The US and China appear to be at loggerheads for the foreseeable future, with the former accusing the latter of systematically deploying human and digital agents to steal its technology. The People’s Republic claims the American accusations are false and amount to little more than a smear campaign.

Although in this case Europe appears not to have been targeted deliberately, the EU is a key ally of the US.

Last year, Mustang Panda was accused of targeting organizations in both Europe and Russia, despite the latter’s claim to have close ties to China following the invasion of Ukraine.

