Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

What’s new: Mustang Panda, a China-aligned threat actor, has deployed a new USB worm named SnakeDisk, which targets devices with Thailand-based IP addresses. This worm drops the Yokai backdoor, which establishes a reverse shell for executing commands. The malware is part of a broader set of tools used by the group, including updated versions of the TONESHELL backdoor.

Who’s affected

Organizations and individuals in Thailand are primarily at risk due to the geofencing of the SnakeDisk worm. The threat actor has been active since at least 2012 and has previously targeted various countries in the region.

What to do

  • Implement strict USB device policies to prevent unauthorized devices from connecting to networks.
  • Monitor network traffic for unusual connections, such as the reverse shell the Yokai backdoor establishes, especially on hosts with Thailand-based IP addresses.
  • Educate users about the risks of connecting unknown USB devices and the potential for malware.
  • Regularly update and patch systems to defend against known vulnerabilities exploited by malware.
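The first recommendation above, a strict USB device policy, can be enforced on Windows endpoints through the built-in "Removable Storage Access" policy. The script below is an added example written for this brief; it is not code from the original reporting or from any tool the threat actor uses. It assumes an elevated PowerShell session on a single Windows host, uses the standard policy registry location and the removable-disk device class GUID, and the function names (Get-RemovableStoragePolicy, Set-RemovableStorageRestriction, Get-AttachedUsbDisk) are this example's own.

```powershell
# Added example (not from the original brief): audit and harden the Windows
# "Removable Storage Access" policy so removable disks cannot be written to
# or executed from. Run in an elevated PowerShell session.

$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# Device setup class GUID for removable disks (USB flash drives and similar).
$RemovableDiskClass = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'

function Get-RemovableStoragePolicy {
    # Report the current policy values; a missing value means "not configured".
    $classKey = Join-Path $PolicyRoot $RemovableDiskClass
    $denyAll  = (Get-ItemProperty -Path $PolicyRoot -Name 'Deny_All' -ErrorAction SilentlyContinue).Deny_All
    $props    = Get-ItemProperty -Path $classKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DenyAll     = if ($null -eq $denyAll)            { 'not configured' } else { $denyAll }
        DenyRead    = if ($null -eq $props.Deny_Read)    { 'not configured' } else { $props.Deny_Read }
        DenyWrite   = if ($null -eq $props.Deny_Write)   { 'not configured' } else { $props.Deny_Write }
        DenyExecute = if ($null -eq $props.Deny_Execute) { 'not configured' } else { $props.Deny_Execute }
    }
}

function Set-RemovableStorageRestriction {
    # Deny write and execute on removable disks, which blocks a worm from both
    # copying itself onto inserted media and launching a payload from it.
    # Read stays allowed so users can still copy files off approved media;
    # pass -DenyRead to block the device class entirely.
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$DenyRead)

    $classKey = Join-Path $PolicyRoot $RemovableDiskClass
    if ($PSCmdlet.ShouldProcess($classKey, 'Apply removable-disk restrictions')) {
        New-Item -Path $classKey -Force | Out-Null
        Set-ItemProperty -Path $classKey -Name 'Deny_Write'   -Value 1 -Type DWord
        Set-ItemProperty -Path $classKey -Name 'Deny_Execute' -Value 1 -Type DWord
        Set-ItemProperty -Path $classKey -Name 'Deny_Read'    -Value ([int]$DenyRead.IsPresent) -Type DWord
    }
}

function Get-AttachedUsbDisk {
    # Inventory removable disks currently attached, to cross-check against
    # the organisation's list of approved devices.
    Get-Disk | Where-Object BusType -eq 'USB' |
        Select-Object Number, FriendlyName, SerialNumber, Size, OperationalStatus
}

'Policy before:';        Get-RemovableStoragePolicy
Set-RemovableStorageRestriction -WhatIf    # drop -WhatIf to apply the change
'Attached USB disks:';   Get-AttachedUsbDisk
```

The script writes under the Policies hive, so on a domain-joined machine a Group Policy object (Computer Configuration > Administrative Templates > System > Removable Storage Access) will override it at the next refresh; deploy the same settings through GPO there rather than per host. The restriction may only take effect for devices plugged in after the change, so re-plug or reboot when verifying.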

Sources