Chinese Cybercriminals Implant PlugX Variant on Hacked Exchange Servers

Softpedia


PKPLUG, a Chinese group responsible for cyber espionage campaigns mostly in Southeast Asia, used Microsoft Exchange Server vulnerabilities to deploy a previously undisclosed type of RAT, says The Hacker News. The initial activity of the new malware strain was detected in March 2021. Palo Alto Networks' Unit 42 cybersecurity team stated that a new version of the PlugX malware, known as Thor, was delivered as a post-exploitation tool to one of the compromised systems. PlugX is a second-phase implant employed by the Chinese cyber-espionage organization PKPLUG, also known as Mustang Panda. The new version stands out because it includes a patch to its primary source code, replacing the trademarked word PLUG with the word THOR. This is the first time something like this has happene...
