The Hacker News
general
June 29, 2026 at 15:03 UTC
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
By The Hacker News
AI Summary
China-aligned APT group Mustang Panda is conducting two active espionage campaigns against Indian government networks and hydropower sector targets, deploying new malware while abusing Zoho WorkDrive as a command-and-control channel to blend traffic with legitimate cloud services. Acronis Threat Research Unit confirmed active compromises on machines used by senior Indian administrative staff. The use of a legitimate SaaS platform for C2 complicates network-based detection and highlights the need for behavioral monitoring over pure traffic blocking.
Relevance score: 82.0/100