Mustang Panda Hacks Thailand With USB Worm, Backdoor
China-linked cyber-espionage group Mustang Panda has expanded its toolkit with a new USB worm dubbed SnakeDisk, targeting systems in Thailand. Security analysts at IBM X-Force reported that the malware only activates on devices using Thailand-based IP addresses, signaling a focused campaign. The operation, the latest instance of Mustang Panda deliberately targeting Thailand, aims to deliver a payload known as the Yokai backdoor.
SnakeDisk spreads via infected USB drives, enabling the attackers to bypass traditional perimeter defenses. Once triggered, the worm installs Yokai and an updated version of the TONESHELL backdoor, enhancing persistence and remote access. IBM researchers emphasized that the malware’s geolocation trigger ensures it activates only within Thai networks, limiting exposure and detection.
This campaign underscores Mustang Panda's continued investment in stealthy, targeted attacks. The group's evolving tactics reflect a broader trend of cyber operations tailored to specific geopolitical interests, including Mustang Panda's hacking of infrastructure in Thailand.
Read the full report at https://thehackernews.com/2025/09/mustang-panda-deploys-snakedisk-usb.html
