Infosecurity-Magazine
Chinese APT Campaign Targets Asia-Pacific with FDMTP Backdoor
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A months-long espionage campaign linked to the Chinese group Mustang Panda has been identified, utilizing an updated variant of the FDMTP backdoor. This campaign, tracked by Darktrace, began in late September 2025 and has primarily affected customer environments in the Asia-Pacific and Japan regions. Attackers employed a technique involving the sideloading of malicious DLLs alongside legitimate binaries, with requests made to domains impersonating well-known content delivery networks like Yahoo and Apple. The campaign's final payload is a heavily obfuscated .NET backdoor, version 3.2.5.1 of FDMTP, which includes various plugins for persistence and remote tasking. Darktrace has observed multiple instances of affected hosts retrieving legitimate executables, configuration files, and malicious DLLs over extended periods. The activity is consistent with previously reported techniques associated with Mustang Panda, though the methods are not exclusive to this group. As of May 2026, the campaign continues to pose a significant threat to targeted sectors, particularly finance.
Key Points: • Mustang Panda is linked to an updated variant of the FDMTP backdoor targeting APJ. • Attackers use DLL sideloading techniques with legitimate binaries to execute payloads. • The campaign has been active since September 2025, with ongoing threats observed into May 2026.