Cybersecurity researchers have uncovered a sophisticated espionage campaign targeting Indian government entities and critical infrastructure, demonstrating how state-aligned threat actors continue to evolve their tactics by leveraging legitimate cloud services for malicious operations. According to a new report from Acronis Threat Research Unit, the China-aligned threat group known as Mustang Panda has been actively compromising systems within Indian government networks, including machines belonging to senior administrative officials.
Mustang Panda, also tracked as TA416 or RedDelta, has been targeting Indian entities through at least two distinct campaigns. What makes these attacks particularly noteworthy is the group's use of Zoho WorkDrive, a legitimate cloud storage service, as a command and control channel for its malware. Because the implant talks to a reputable, widely used SaaS domain over TLS, its traffic is indistinguishable from ordinary file-sync activity at the network edge: domain-reputation filters, IP blocklists and allowlists of approved cloud services all let it through, and detection has to rely on who is talking to the service, from which process, and with what cadence rather than on where the traffic is going.
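A detection heuristic for the pattern described above, as an added example that is not part of the Acronis report or the original article. It hunts in web-proxy logs for endpoints that contact Zoho WorkDrive with a non-browser user agent and on a fixed beacon-like schedule, which is what a malware C2 loop looks like and what an analyst clicking around the web UI does not. The log format (pipe-delimited, constructed sample data), the WorkDrive hostnames in `WORKDRIVE_HOSTS` and the legitimate-client markers in `KNOWN_CLIENT_MARKERS` are assumptions to be adjusted to your environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: hostnames used by the Zoho WorkDrive web UI and API; verify in your own proxy data.
WORKDRIVE_HOSTS = {"workdrive.zoho.com", "workdrive.zohoapis.com"}
# Typical browser user-agent prefixes; a WorkDrive session from a real user starts with one of these.
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/")
# Assumption: prefixes of legitimate sync/desktop clients you have baselined and want to allowlist.
KNOWN_CLIENT_MARKERS = ("ZohoWorkDrive",)

# Constructed sample proxy log (not real data): timestamp|src_host|dst_host|method|path|user_agent
SAMPLE_LOG = """\
2024-01-10T09:00:00|WS-ADMIN-01|workdrive.zoho.com|GET|/api/v1/files/f1/content|python-requests/2.31.0
2024-01-10T09:05:00|WS-ADMIN-01|workdrive.zoho.com|GET|/api/v1/files/f1/content|python-requests/2.31.0
2024-01-10T09:10:01|WS-ADMIN-01|workdrive.zoho.com|POST|/api/v1/upload|python-requests/2.31.0
2024-01-10T09:15:00|WS-ADMIN-01|workdrive.zoho.com|GET|/api/v1/files/f1/content|python-requests/2.31.0
2024-01-10T09:19:59|WS-ADMIN-01|workdrive.zoho.com|GET|/api/v1/files/f1/content|python-requests/2.31.0
2024-01-10T09:01:12|WS-HR-07|workdrive.zoho.com|GET|/|Mozilla/5.0 (Windows NT 10.0) Chrome/120.0
2024-01-10T09:03:40|WS-HR-07|workdrive.zoho.com|GET|/ws/docs|Mozilla/5.0 (Windows NT 10.0) Chrome/120.0
2024-01-10T09:42:05|WS-HR-07|workdrive.zoho.com|POST|/ws/upload|Mozilla/5.0 (Windows NT 10.0) Chrome/120.0
2024-01-10T09:02:00|WS-ADMIN-01|update.example.com|GET|/|python-requests/2.31.0
"""


def parse_line(line: str) -> dict:
    """Split one pipe-delimited proxy record into named fields."""
    ts, src, dst, method, path, ua = line.split("|", 5)
    return {"ts": datetime.fromisoformat(ts), "src_host": src, "dst_host": dst,
            "method": method, "path": path, "user_agent": ua}


def analyze(log_text: str, min_hits: int = 4, max_cv: float = 0.2) -> list[dict]:
    """Return (src_host, user_agent) pairs talking to WorkDrive that look like C2.

    Two independent signals are combined:
      * the user agent is neither a browser nor an allowlisted sync client;
      * with at least `min_hits` requests, the inter-request gaps have a
        coefficient of variation below `max_cv`, i.e. a fixed beacon interval.
    """
    sessions: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dst_host"] in WORKDRIVE_HOSTS:
            sessions[(rec["src_host"], rec["user_agent"])].append(rec["ts"])

    findings = []
    for (src, ua), stamps in sessions.items():
        stamps.sort()
        reasons = []
        if not ua.startswith(BROWSER_MARKERS) and not ua.startswith(KNOWN_CLIENT_MARKERS):
            reasons.append("non-browser user agent")
        if len(stamps) >= min_hits:
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg > 0 else 0.0
            if cv < max_cv:
                reasons.append(f"regular cadence ~{avg:.0f}s (cv={cv:.2f})")
        if reasons:
            findings.append({"src_host": src, "user_agent": ua,
                             "hits": len(stamps), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(f"{hit['src_host']}: {hit['hits']} WorkDrive requests; " + "; ".join(hit["reasons"]))
```

Run against the sample, only `WS-ADMIN-01` is reported (scripted user agent, five requests roughly 300 s apart); the HR workstation's browser session with irregular timing is not. In practice the same logic needs TLS SNI or DNS visibility to see the destination at all, a baseline of which hosts and users legitimately use Zoho so that an organisation that actually runs WorkDrive does not drown in noise, and ideally EDR data that names the originating process, since a beacon from `svchost.exe` or a sideloaded DLL host is far stronger evidence than the user-agent string alone.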
The primary targets include government departments and hydropower facilities, suggesting both intelligence gathering and potential disruption