Acronis's threat research unit says it recently tracked two concurrent hacking campaigns by a group often called Mustang Panda.
Acronis's threat research unit says it recently tracked two concurrent hacking campaigns by a group often called Mustang Panda.

Mustang Panda cyber campaign aims at India and experts warn of similar hacking attempts


Recent cyber campaigns aimed at the hydropower sector and government agencies in India have experts warning that other countries might also be vulnerable.

The threats originated from Mustang Panda, a cyber-crime and espionage group that several security firms believe is based in China.

According to Acronis, a cyber-security and data-protection company that tracked Mustang Panda's recent hacks, the "two identified campaigns targeted India's hydropower sector and government entities engaged in co-operation agreements with Taiwanese government institutions".

Acronis said that despite increasingly complex hacks taking place all over the world, Mustang Panda's push to infiltrate India's digital infrastructure fell under the category of "moderate sophistication".

The hacking attempts were successful in part because of an affinity campaign that used malicious files disguised as government documents.

Mustang Panda also made use of Zoho WorkDrive, "a legitimate cloud storage platform commonly used in the Indian government sector", to infiltrate and steal documents, according to an Acronis statement.

Santiago Pontiroli, a threat-intelligence research lead at Acronis, said that the recent hack should prompt concern among countries for critical infrastructure and cloud-computing tools.

Phishing attempts like this from Mustang Panda ultimately led to a successful hack of India's government and energy sector.
Phishing attempts like this from Mustang Panda ultimately led to a successful hack of India's government and energy sector.

"They [Mustang Panda] really did their homework on their victim because in the Indian government this tool is commonly used," he said.

He said that instead of relying on a highly polished malware campaign, the hackers used popular tools to blend in with traditional computer network traffic in India.

Mr Pontiroli said countries seeking to rapidly hasten the digitisation of government services, especially those in the Middle East, could be the most vulnerable to less sophisticated approaches.

He also said that Mustang Panda is hardly alone, and that groups considered to be advanced persistent threats are progressively becoming more adept at using simple phishing strategies to try to compromise critical infrastructure.

"They use either geopolitical events that are happening, they use ongoing wars, and they use it for their interests," Mr Pontiroli said.

Along those lines, in the UAE, the Abu Dhabi Emergencies, Crises and Disasters Management Centre recently urged residents that attempted cyber attacks were likely to increase due to geopolitical tension in the Middle East.

“Exploiting fear and confusion among individuals” leads to “rushed digital decision-making without adequate verification”, guidelines from the centre read.

The spread of rumours amid conflict also increases fear, which raises mental fatigue, the guidelines continued, making it more likely that people will click on harmful links or provide personal information that could lead to hacking.

Last week, the UAE's Cyber Security Council said it had foiled "sophisticated cyber attacks" on the financial sector, ensuring there was no disruption to services.

Mr Pontiroli said it was wise of the UAE to be persistent with its approach, and for other countries to take follow its example to ensure cyber security.

"The UAE is one of the countries that actually invests a lot, not only in only cyber-defensive security, but also offensive security," he said, referring to the method of looking for vulnerabilities and fixing them before criminals find them.

Updated: July 08, 2026, 7:23 PM