Ep. 60 - The Puppet Masters: Mustang Panda's Long Con Against ASEAN Diplomats

When a tired EU diplomat clicks "connect" on an airport Wi-Fi portal, his briefing—and his government's secrets—end up in Chengdu.

Hosts Tova Dvorin and Adrian Culley unpack Mustang Panda (APT27 / Bronze President), the Chinese threat group running the long con against NGOs, ASEAN ministries, and Tibetan and Uyghur activists. Inside: captive-portal Wi-Fi Pineapples that bypass MFA, PlugX side-loading through legitimate apps, and the USB worm that jumps air-gapped military networks.

Timestamps:

00:00 Introduction

00:40 The Captive Portal Attack

01:11 Who is Mustang Panda?

02:25 Targeting NGOs and Diplomats

03:46 Social Engineering 2.0

05:28 Credential Pass-Through Explained

06:57 The PlugX Trojan

08:25 USB Worms and Air-Gapped Computers

09:30 Recent Activity and Implications

10:29 How to Protect Yourself

#MustangPanda #APT27 #ChinaAPT