China‑Linked Mustang Panda Mimics U.S. Diplomatic Briefings in Global Phishing Campaign
Cybersecurity firm Dream Security says a China‑linked espionage group believed to be Mustang Panda ran a phishing campaign from late December 2025 through mid‑January 2026 that spoofed official U.S. diplomatic summaries and policy documents in order to hack diplomats and officials involved in diplomacy, elections and international coordination worldwide. The emails carried malicious files that did not rely on a software vulnerability; according to Dream CEO Shalev Hulio, merely opening the attachment was enough to infect a device with malware designed to steal data and maintain persistent access. Hulio told Axios the campaign successfully compromised "a lot of people," though investigators do not yet know precisely who or how many, underscoring the potential scale of the breach. Dream attributes the operation to Mustang Panda, a long‑running China‑based group known for using tailored phishing lures to steal government secrets, and says one of its own AI agents first spotted the attack—what Hulio describes as the first known case of an AI system detecting a China‑linked espionage campaign live. The episode highlights both the continued sophistication and stealth of Chinese cyber operations against U.S. and allied targets and the growing role AI will play on both offense and defense in state‑sponsored hacking.
Cybersecurity and Chinese Espionage
U.S. Foreign Policy and Diplomacy