Microsoft VS Code Undermined in Asian Spy Attack

Published: 23/11/2024   Category: security




A technique to abuse Microsoft's built-in source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.



A Chinese state-aligned espionage group has become the first documented threat actor to weaponize a known exploit in VS Code in a malicious attack.

Visual Studio Code, or VS Code, is Microsoft's free source code editor for Windows, Linux, and macOS. According to Stack Overflow's 2023 survey of 86,544 developers, it's the most popular integrated development environment (IDE) among both new (78%) and professional developers (74%), by some distance. The next most popular IDE, Visual Studio, was used by 28% of respondents.

In September 2023, a threat researcher described how an attacker could take advantage of a VS Code feature called Tunnel to gain initial access to a target's environment. Initially, the tactic was just fodder for red teaming. Now, according to Palo Alto Networks Unit 42, China's Mustang Panda (aka Stately Taurus, Bronze President, RedDelta, Luminous Moth, Earth Preta, and Camaro Dragon) has used it in an espionage attack against a government entity in southeast Asia.
"The technique described requires an attacker to have previously gained code execution privileges on a target machine," a Microsoft spokesperson tells Dark Reading. "As a security best practice, we encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages or opening unknown files."

"One of the worst fears as a cybersecurity expert is detecting and preventing a signed reverse shell binary," Truvis Thornton wrote, a whole year prior to Unit 42's latest research. "Guess what? Microsoft gladly gave us one."
First introduced in July 2023, VS Code Tunnel allows users to share their VS Code environments on the open Web, and only requires authentication through a GitHub account.
An attacker with their victim's GitHub credentials could do damage, but much worse is the fact that one can remotely install a portable version of VS Code on a targeted machine. Because it's a legitimate signed binary, it will not be flagged as suspicious by security software.

And yet, it will walk and talk like a reverse shell. By running the command `code.exe tunnel`, the attacker opens a GitHub authentication page, which they can log into with their own account. Then they're redirected to a VS Code environment connected to their target's system, and free to execute commands and scripts and introduce new files at will.
Mustang Panda — a 12-year-old advanced persistent threat (APT) known for espionage against governments, nongovernmental organizations (NGOs), and religious groups in Asia and Europe — used this playbook to perform reconnaissance against its target, drop malware, and, most importantly for its purposes, exfiltrate sensitive data.
"While the abuse of VSCode is concerning, in our opinion, it is not a vulnerability," Assaf Dahan, director of threat research for Unit 42, clarifies. Instead, he says, "It's a legitimate feature that was abused by threat actors, as often happens with many legitimate software (take lolbins, for example)."

And there are a number of ways organizations can protect against a bring-your-own-VSCode attack. Besides hunting for indicators of compromise (IoCs), he says, "It's also important to consider whether the organization would want to limit or block the use of VSCode on endpoints of employees that are not developers or do not require the use of this specific app. That can reduce the attack surface."

"Lastly, consider limiting access to the VSCode tunnel domains .tunnels.api.visualstudio[.]com or .devtunnels[.]ms to users with a valid business requirement. Notice that these domains are legitimate and are not malicious, but limiting access to them will prevent the feature from working properly and consequently make it less attractive for threat actors," he adds.
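The two controls Dahan describes (restricting VS Code on non-developer endpoints and restricting the tunnel domains to users with a business need) translate naturally into a hunt over proxy and process-creation telemetry. The following script is an added example written for this article, not code from Unit 42, Microsoft or Dark Reading: it parses a constructed `timestamp type key=value` log format (the format, hostnames such as `WS-042`, usernames and the `example-host.` subdomains are all invented for the demo), flags connections to the two tunnel domains named above and launches of `code.exe` with the `tunnel` subcommand, and suppresses hits for users on an allow-list of people with a valid business requirement.

```python
import re
from collections import namedtuple

# Tunnel domains named in the article. They are legitimate Microsoft services,
# so a hit shows the feature is in use, not by itself that the host is compromised.
TUNNEL_DOMAIN_SUFFIXES = (".tunnels.api.visualstudio.com", ".devtunnels.ms")

# key=value tokens with optional double-quoted values (constructed log format).
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

Finding = namedtuple("Finding", "kind host user detail")


def parse_line(line):
    """Parse 'TIMESTAMP TYPE key=value ...' into a dict (constructed format)."""
    ts, kind, rest = line.split(" ", 2)
    fields = {k: (q or u) for k, q, u in _KV.findall(rest)}
    fields["ts"], fields["kind"] = ts, kind
    return fields


def is_tunnel_domain(host):
    """True for the two tunnel domains and any subdomain of them; ignores a port."""
    host = host.lower().rstrip(".").split(":", 1)[0]
    return any(host == s[1:] or host.endswith(s) for s in TUNNEL_DOMAIN_SUFFIXES)


def is_tunnel_launch(image, cmdline):
    """True when code.exe / code is started with the 'tunnel' subcommand."""
    exe = image.lower().replace("\\", "/").rsplit("/", 1)[-1]
    return exe in ("code.exe", "code") and "tunnel" in cmdline.lower().split()


def scan(lines, allowed_users=frozenset()):
    """Return findings for tunnel use by users not on the business-need allow-list."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("user", "").lower() in allowed_users:
            continue  # developer with an approved need for the feature
        if ev["kind"] == "proxy" and is_tunnel_domain(ev.get("dst", "")):
            findings.append(Finding("tunnel_domain", ev["host"], ev["user"], ev["dst"]))
        elif ev["kind"] == "proc" and is_tunnel_launch(ev.get("image", ""), ev.get("cmdline", "")):
            findings.append(Finding("tunnel_launch", ev["host"], ev["user"], ev["cmdline"]))
    return findings


# Constructed sample telemetry: a portable code.exe launched in tunnel mode from a
# user profile on a non-developer workstation, plus a developer's approved use.
SAMPLE_LOGS = [
    '2024-11-20T09:13:55Z proc host=WS-042 user=alice image="C:\\Users\\alice\\Downloads\\VSCode\\code.exe" cmdline="code.exe tunnel"',
    '2024-11-20T09:14:02Z proxy host=WS-042 user=alice dst=example-host.tunnels.api.visualstudio.com:443 action=allow',
    '2024-11-20T09:20:11Z proxy host=DEV-007 user=bob dst=example-host.devtunnels.ms:443 action=allow',
    '2024-11-20T09:21:40Z proc host=DEV-007 user=bob image="C:\\Program Files\\Microsoft VS Code\\Code.exe" cmdline="Code.exe --new-window"',
    '2024-11-20T09:25:03Z proxy host=WS-042 user=alice dst=www.example.com:443 action=allow',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS, allowed_users=frozenset({"bob"})):
        print(f"{f.kind:14} host={f.host} user={f.user} {f.detail}")
```

Matching on the `tunnel` subcommand rather than on the install path matters because, as the article notes, the binary is legitimately signed and a portable copy can sit anywhere; the domain check catches the same activity from the network side, so either source alone still yields a finding.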
While investigating the Mustang Panda attack, Unit 42 came across a second threat cluster occupying the same targets systems.
In this case, the attacker abused imecmnt.exe — a legitimate and signed file associated with Microsofts Input Method Editor (IME), used for generating text in languages not conducive to the QWERTY keyboard — with some dynamic link library (DLL) sideloading. The file they dropped, ShadowPad, is a 7-year-old modular backdoor popular among Chinese threat actors.
This compromise occurred at the same time as the VS Code exploitation, often on the same endpoints, and the overlaps didn't end there. Still, researchers couldn't say for certain whether this second cluster of malicious activity could be attributed to Mustang Panda. "There could also be other possible scenarios to explain this connection," they wrote. "For example, it could be a joint effort between two Chinese APT groups or perhaps two different groups piggybacking on each other's access."
