A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers (ISPs) and research institutions via phishing lures that refer to Russia’s invasion of Ukraine and COVID-19 travel restrictions. The ongoing campaign was first seen in August 2021 and is being tied to Mustang Panda – a Chinese APT unit also known as TA416, RedDelta and PKPLUG – due to similar code and common tactics, techniques and procedures used by the group in the past, according to researchers with the cybersecurity firm ESET. Mustang Panda is known...