DEV Community

Mark0
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

HoneyMyte (also known as Mustang Panda or Bronze President) has recently updated its espionage toolset, targeting government entities across Asia and Europe. The group has significantly evolved the CoolClient backdoor, introducing new features such as clipboard monitoring and an HTTP proxy credential sniffer. These updates allow the threat actor to monitor user behavior more closely and intercept sensitive authentication data directly from network traffic.

In addition to the backdoor updates, the group is deploying specialized browser data stealers and various reconnaissance scripts. These tools target Chromium-based browsers like Chrome and Edge, using SQL queries and DPAPI decryption to harvest saved credentials. The activity is further supported by PowerShell and batch scripts that automate system enumeration, document theft, and data exfiltration to public file-sharing services like Pixeldrain and Google Drive.
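As an added defender-side example (not code from the original post or from the threat intelligence it summarizes), the following Python script triages two of the behaviours described above over constructed, Sysmon-style events: a process other than the browser itself opening a Chromium profile's `Login Data`, `Cookies` or `Web Data` file, and a script host or download utility connecting to a public file-sharing service. The event shape, the browser and script-host lists, and the `googleapis.com` entry (the host that serves Google Drive's upload API) are assumptions made for this example, as are the sample events themselves.

```python
"""Triage heuristics for two behaviours in the HoneyMyte summary above:
non-browser processes reading Chromium credential stores, and script hosts
contacting public file-sharing services used for exfiltration.

All events below are constructed, Sysmon-like records; none come from a
real capture. Process lists and domains are assumptions for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath

# Browsers that legitimately open their own credential databases (assumed list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe"}

# Chromium profile files that hold saved logins and session material.
CHROMIUM_CRED_FILES = {"login data", "cookies", "web data"}

# Script hosts and download utilities that have no business uploading to
# file-sharing services from a workstation (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "curl.exe", "certutil.exe"}

# File-sharing services named in the summary; googleapis.com hosts the
# Google Drive upload API (assumption made for this example).
EXFIL_DOMAINS = {"pixeldrain.com", "drive.google.com", "googleapis.com"}


@dataclass
class Event:
    kind: str        # "file" (file open) or "network" (outbound connection)
    process: str     # image name or full path of the acting process
    user: str
    target: str      # file path for "file", "host:port" for "network"


@dataclass
class Finding:
    rule: str
    process: str
    target: str
    reason: str


def _image_name(process: str) -> str:
    """Normalise 'C:\\...\\powershell.exe' and 'powershell.exe' to one form."""
    return PureWindowsPath(process).name.lower()


def _domain_matches(host: str, domains: set[str]) -> bool:
    """True if host equals or is a subdomain of any entry in domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_cred_store_access(ev: Event) -> Finding | None:
    """Flag a Chromium credential database opened by a non-browser process."""
    if ev.kind != "file":
        return None
    path = PureWindowsPath(ev.target)
    parts = [p.lower() for p in path.parts]
    # Chromium keeps these files under "<browser>\User Data\<profile>\".
    if path.name.lower() not in CHROMIUM_CRED_FILES or "user data" not in parts:
        return None
    if _image_name(ev.process) in BROWSER_PROCESSES:
        return None
    return Finding("chromium_cred_store_read", ev.process, ev.target,
                   "non-browser process opened a Chromium credential database")


def check_script_host_exfil(ev: Event) -> Finding | None:
    """Flag script hosts or download tools talking to file-sharing services."""
    if ev.kind != "network":
        return None
    host = ev.target.rsplit(":", 1)[0]
    if not _domain_matches(host, EXFIL_DOMAINS):
        return None
    if _image_name(ev.process) not in SCRIPT_HOSTS:
        return None
    return Finding("script_host_filesharing_contact", ev.process, ev.target,
                   "script host or download tool contacted a file-sharing service")


RULES = (check_cred_store_access, check_script_host_exfil)


def triage(events: list[Event]) -> list[Finding]:
    """Run every rule over every event and collect the findings."""
    return [f for ev in events for rule in RULES if (f := rule(ev)) is not None]


# Constructed sample events: two benign browser actions, one benign SMB
# connection, and three events matching the tradecraft in the summary.
SAMPLE_EVENTS = [
    Event("file", "chrome.exe", "alice",
          r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "alice",
          r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file", "powershell.exe", "alice",
          r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Login Data"),
    Event("network", "chrome.exe", "alice", "drive.google.com:443"),
    Event("network", "powershell.exe", "alice", "pixeldrain.com:443"),
    Event("network", "powershell.exe", "alice", "10.0.0.5:445"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"[{finding.rule}] {finding.process} -> {finding.target}: {finding.reason}")
```

Running the script against the sample events produces three findings: the two `Login Data` reads by PowerShell and the PowerShell connection to pixeldrain.com; the browser's own file access, the browser's Drive session and the SMB connection are left alone. In production the same two rules map naturally onto Sysmon event IDs 11/3 or EDR telemetry, with the process allow-lists tuned to the environment.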
