By Micah Jonah
January 16, 2026
A Chinese-linked cyberespionage group has targeted U.S. government and policy-related officials with Venezuela-themed phishing emails, cybersecurity researchers said on Thursday.
The campaign, carried out by the long-running group known as “Mustang Panda,” followed the U.S. operation to seize Venezuelan President Nicolas Maduro. Researchers say the hackers leveraged the geopolitical situation to steal data, establish footholds in U.S. government networks.
Cybersecurity firm, Acronis, detected the operation after analyzing a zip file titled “US now deciding what’s next for Venezuela,” uploaded on January 5. The file contained malware with code and infrastructure, consistent with previous Mustang Panda campaigns.
It is unclear which specific targets were affected or whether any systems were compromised. If executed, the malware would allow hackers to access data from targeted computers, maintain persistent access, the analysis said.
Acronis analysts noted the malware was compiled hours after the U.S. operation began, suggesting the hackers acted quickly to exploit the situation.
The U.S. Department of Justice has previously described Mustang Panda as a Chinese state-sponsored group that develops spyware, penetrates target networks. A spokesperson for the Chinese embassy in Washington denied any involvement, emphasizing China’s opposition to hacking and the spread of false information.
The FBI declined to comment on the matter.
