Mustang Panda Unleashes USB Worm SnakeDisk, Targeting Thailand
Cybersecurity experts have uncovered a new threat from the China-linked APT group Mustang Panda. Dubbed SnakeDisk, this USB worm has been infecting devices and spreading through networks, with a focus on Thailand due to increased geopolitical tensions.
The group, also known as APT41, has shifted its attention to Southeast Asia, particularly Thailand. In summer 2025, they employed SnakeDisk to infiltrate government networks. This worm spreads through USB drives, infecting connected devices and dropping the Yokai backdoor.
SnakeDisk is not Mustang Panda's only new tool. They've also updated their Toneshell backdoor to version 9, which uses local proxies to hide within enterprise traffic and runs two reverse shells simultaneously. This enhanced capability allows the group to maintain stealthier, longer-lasting access to compromised systems.
Mustang Panda's recent campaigns have shown a broad target range, including government organizations, think tanks, NGOs, and even religious institutions like the Vatican. Their targets span Asia and Europe, with a history of using conflict-related lures, such as reports on the Ukraine crisis, to trick victims into executing malicious files.
The deployment of SnakeDisk in Thailand, alongside the evolution of Toneshell, underscores Mustang Panda's adaptability and growing threat. As geopolitical tensions rise, so does the need for vigilance against such advanced persistent threats. Security experts advise heightened caution when handling USB drives and emphasize the importance of robust network defenses and regular security updates.