securityonline.info 7/2/2026, 8:41:22 AM · external

Mustang Panda spies on India using Zoho WorkDrive for hydropower

Primary Source acronis.com
Threat Actor
🇨🇳 MUSTANG PANDA

The Acronis Threat Research Unit uncovered two espionage campaigns by Mustang Panda that targeted India's government and hydropower sectors and used Zoho WorkDrive for command and control (C2). The campaigns relied on spear-phishing with ZIP archives containing malicious DLLs, and were aimed at extracting intelligence on India's hydropower initiatives and defense ties with Taiwan.

The malware, including SHARDLOADER and ZOHOMURK, employed DLL sideloading techniques and disguised its malicious behavior within normal cloud traffic, making detection difficult. Active compromises were detected in government networks from June 12-22, 2026, and the activity has been linked to previous campaigns attributed to the group.


Article by CyberSIXT
