The China-linked APT group Mustang Panda has been observed using Visual Studio Code’s reverse shell feature in espionage operations targeting Southeast Asian government entities, according to Palo Alto Networks Unit 42. The technique, first demonstrated in September 2023, gives attackers remote access to compromised systems by abusing Visual Studio Code’s tunnel feature. Mustang Panda used this method to deliver malware, perform reconnaissance, and exfiltrate data, and also deployed ShadowPad, a backdoor commonly used by Chinese espionage groups. It is unclear whether two different threat actors or a single group were behind the attacks.