> TritonInfoSec News
Home / Jun 30, 2026 / Story
0
#7 The Hacker News general June 29, 2026 at 15:03 UTC

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

By [email protected] (The Hacker News)

AI Summary

China-aligned APT group Mustang Panda is conducting two active espionage campaigns against Indian government networks and hydropower sector targets, deploying new malware while abusing Zoho WorkDrive as a command-and-control channel to blend traffic with legitimate cloud services. Acronis Threat Research Unit confirmed active compromises on machines used by senior Indian administrative staff. The use of a legitimate SaaS platform for C2 complicates network-based detection and highlights the need for behavioral monitoring over pure traffic blocking.

Read full article → https://thehackernews.com/2026/06/mustang-panda-us…

Relevance score: 82.0/100

# More from June 30

  1. 1
    U.S. offers $10 million for hackers targeting WhatsApp, Signal users BleepingComputer
  2. 2
    Critical SimpleHelp flaw exploited to deploy new stealer malware BleepingComputer
  3. 3
    Hackers now exploit critical Oracle E-Business flaw in attacks BleepingComputer
  4. 4
    Nissan discloses employee data breach linked to Oracle zero-day attacks BleepingComputer
  5. 5
    Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts The Hacker News
  6. 6
    Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw The Hacker News
  7. 8
    Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse The Hacker News
  8. 9
    236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers The Hacker News
  9. 10
    Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer The Hacker News