The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Mustang Panda’s LotusLite Backdoor

Jan 26, 2026 2:03:02 PM / by The Hivemind posted in Threat Bulletin, Mustang Panda, DLL sideloading, LOTUSLITE backdoor, espionage campaign, custom C++ implant, geopolitical lure, US government targeting

0 Comments

Verticals Targeted: Government, Policy-Focused Organizations
Regions Targeted: US
Related Families: None

Executive Summary

China nexus threat actors launched a targeted espionage campaign against US government and policy-related entities, delivering a custom backdoor named LOTUSLITE via politically themed spear-phishing lures centered on US-Venezuela relations. The campaign prioritizes reliable espionage capabilities over technical sophistication, with moderate-confidence attribution to Mustang Panda based on shared delivery patterns, infrastructure, and operational behaviors.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More