PlugX Diplomacy: Mustang Panda Campaign

Between late December 2025 and mid-January 2026, a covert cyber-espionage campaign targeted diplomatic, election, and policy officials by exploiting trust rather than technical vulnerabilities. Attackers distributed malicious documents masquerading as diplomatic briefings or materials that appeared credible, timely, and aligned with real geopolitical events. Simply opening the files triggered compromise, deploying a customized PlugX malware variant associated with the China-nexus threat actor Mustang Panda. Identified by Dream’s threat-hunting AI, the campaign underscores a defining trend in modern espionage: credibility and impersonation have become more effective than technical exploits in enabling long-term intelligence collection.
