Cyber Resilience

Threat actor · all actors

Mustang PandaG0129 state-contractor

🇨🇳 CN · MSS

aka Mustang Panda, TA416, RedDelta, BRONZE PRESIDENT, STATELY TAURUS, FIREANT, CAMARO DRAGON, EARTH PRETA, HIVE0154, TWILL TYPHOON, TANTALUM, LUMINOUS MOTH, UNC6384, TEMP.Hex, Red Lich, ClumsyToad

Last updated: 2026-07-03

2attributed CVEs
114ATT&CK techniques
3.9IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. [Mustang Panda](https://attack.mitre.org/groups/G0129) has been known to use tailored phishing lures and decoy documents to deliver malicious payloads. [Mustang Panda](https://attack.mitre.org/groups/G0129) has targeted government, diplomatic, and non-governmental organizations, including think tanks, religious institutions, and research entities, across the United States, Europe, and Asia, with notable activity in Russia, Mongolia, Myanmar, Pakistan, and Vietnam. (Citation: BlackBerry MUSTANG PANDA October 2022)(Citation: Eset PlugX Korplug Mustang Panda March 2022)(Citation: Anomali MUSTANG PANDA October 2019)(Citation: Cisco Talos MUSTANG PANDA PLUGX PUBLOAD MAY 2022)(Citation: Secureworks BRONZE PRESIDENT December 2019)(Citation: DOJ Affidavit Search and Seizure PlugX December 2024)(Citation: EclecticIQ Mustang Panda PlugX)(Citation: ATTACKIQ MUSTANG PANDA TONESHELL March 2023)(Citation: Crowdstrike MUSTANG PANDA June 2018)(Citation: Palo Alto Networks, Unit 42)(Citation: Sophos PlugX September 2022)(Citation: Sophos Mustang Panda PLUGX)(Citation: Zscaler)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-20929 5.57.50.01142026-01-13see CVE
CVE-2026-22813 3.56.10.00912026-01-12see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-470 / 11461%
CM-263 / 11455%
CM-662 / 11454%
SI-359 / 11452%
CA-746 / 11440%
CM-745 / 11439%
AC-339 / 11434%
AC-437 / 11432%
AC-635 / 11431%
SC-735 / 11431%
AC-232 / 11428%
SI-730 / 11426%
SI-1025 / 11422%
RA-524 / 11421%
CM-821 / 11418%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Same nation-state