Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

A highly sophisticated threat group known as Mustang Panda has been using the cloud-based file-sharing platform Zoho WorkDrive as a command channel in targeted attacks against Indian government entities and organizations. This shocking revelation highlights the evolving tactics of state-sponsored attackers and the increasing importance of robust cybersecurity measures.

Mustang Panda, a well-known Chinese threat actor, has been exploiting vulnerabilities in software applications to gain unauthorized access to sensitive systems for years. However, their recent use of Zoho WorkDrive as a command channel marks a significant shift in their tactics, underscoring the growing trend of attackers leveraging cloud services to conduct malicious activities.

Zoho WorkDrive is a popular cloud-based file-sharing and collaboration platform used by millions worldwide. What makes this revelation even more disturbing is that Mustang Panda’s use of Zoho WorkDrive as a command channel was not discovered through traditional security measures, but rather through the analysis of software vulnerabilities identified by AI models. This highlights the critical role artificial intelligence (AI) is playing in cybersecurity: detecting and exposing threats that human analysts might otherwise miss.

The Indian government has been particularly targeted by Mustang Panda’s attacks, with several high-profile breaches reported in recent months. These incidents have raised concerns about the potential for sensitive information to be compromised, including classified documents and personal data. The use of Zoho WorkDrive as a command channel allows attackers to establish a hidden communication channel with their malware, making it extremely difficult for security teams to detect and respond to these threats.

The implications of this discovery are far-reaching, emphasizing the need for organizations to adopt robust cybersecurity measures to protect against software vulnerabilities and cloud-based attacks. This includes implementing regular security audits, conducting thorough vulnerability assessments, and ensuring that all employees are educated on best practices for secure online behavior. Organizations should also consider leveraging AI-powered tools to detect and respond to threats in real time.

In light of this revelation, it is essential for organizations to review their cloud-based services and implement additional security controls to prevent unauthorized access. This includes closely monitoring cloud usage, implementing strict access controls, and regularly testing and updating software applications to ensure they are secure against known vulnerabilities. By taking proactive measures to safeguard against these emerging threats, organizations can reduce the risk of falling victim to sophisticated attacks like those conducted by Mustang Panda.
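One way to act on the "closely monitoring cloud usage" advice, given that a command channel hidden in WorkDrive traffic blends in with legitimate use: the sketch below is an added example, not code from the report or from Zoho. The log format, host and process names, the expected-process list and the hostname suffixes are assumptions to adapt to your own endpoint telemetry and Zoho data-centre region.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Assumption: hostname suffixes treated as WorkDrive-related; adjust per region.
# zohoapis.* serves other Zoho APIs too, so treat a hit as a lead, not a verdict.
WORKDRIVE_SUFFIXES = ("workdrive.zoho.com", "workdrive.zoho.in", "zohoapis.com", "zohoapis.in")
# Assumption: processes expected to reach WorkDrive in this environment.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample telemetry (not from the reported campaign): ts,host,process,dest
SAMPLE_LOG = """\
2026-06-01T09:00:00,WS-014,chrome.exe,workdrive.zoho.in
2026-06-01T09:07:41,WS-014,chrome.exe,workdrive.zoho.in
2026-06-01T09:31:02,WS-014,chrome.exe,www.zohoapis.in
2026-06-01T10:00:00,WS-022,updater.exe,www.zohoapis.com
2026-06-01T10:02:13,WS-022,updater.exe,example.org
2026-06-01T10:05:02,WS-022,updater.exe,www.zohoapis.com
2026-06-01T10:10:01,WS-022,updater.exe,www.zohoapis.com
2026-06-01T10:15:03,WS-022,updater.exe,www.zohoapis.com
2026-06-01T10:20:00,WS-022,updater.exe,www.zohoapis.com
"""

def is_workdrive(dest):
    # Match the suffix on a label boundary so look-alike names do not match.
    return any(dest == s or dest.endswith("." + s) for s in WORKDRIVE_SUFFIXES)

def find_suspects(log_text, min_events=4, max_jitter=0.1):
    """Return {(host, process): [reasons]} for WorkDrive traffic that looks automated."""
    times = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) == 4 and is_workdrive(row[3].lower()):
            times[(row[1], row[2].lower())].append(datetime.fromisoformat(row[0]))
    suspects = {}
    for (host, proc), stamps in times.items():
        reasons = []
        if proc not in EXPECTED_PROCESSES:
            reasons.append("unexpected-process")
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_events and statistics.mean(gaps) > 0:
            # A coefficient of variation near 0 means fixed-interval polling.
            if statistics.pstdev(gaps) / statistics.mean(gaps) <= max_jitter:
                reasons.append("regular-interval")
        if reasons:
            suspects[(host, proc)] = reasons
    return suspects
```

Legitimate sync clients also poll on a schedule, so add any sanctioned desktop client to the expected-process set before relying on the interval check.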


Source: The Hacker News — 2026-06-29