Also known as: EARTH PRETA, PKPLUG, Stately Taurus, TEMP.HEX, RedDelta, Polaris, STATELY TAURUS, TWILL TYPHOON, Hive0154, LuminousMoth, Twill Typhoon, Bronze President, CAMARO DRAGON, Earth Preta, BASIN, LUMINOUS MOTH, UNC6384, TANTALUM, FIREANT, HoneyMyte, Camaro Dragon, HIVE0154, Mustang Panda, BRONZE PRESIDENT, TEMP.Hex, Red Lich, G0129, TA416
This threat actor targets non-governmental organizations using Mongolian-themed lures for espionage purposes. In April 2017, CrowdStrike Falcon Intelligence observed a previously unattributed actor group with a Chinese nexus targeting a U.S.-based think tank. Further analysis revealed a wider campaign with unique tactics, techniques, and procedures (TTPs). This adversary targets non-governmental organizations (NGOs) in general, but uses Mongolian language decoys and themes, suggesting this actor has a specific focus on gathering intelligence on Mongolia. These campaigns involve the use of shared malware like Poison Ivy or PlugX. Recently, Falcon Intelligence observed new activity from MUSTANG PANDA, using a unique infection chain to target likely Mongolia-based victims. This newly observed activity uses a series of redirections and fileless, malicious implementations of legitimate tools to gain access to the targeted systems. Additionally, MUSTANG PANDA actors reused previously observed legitimate domains to host files.
| CVE ID |
|---|
| CVE-2024-1708 |
| CVE-2017-0199 |
| CVE-2024-1709 |