Chinese Espionage-based APT Earth Preta, aka Mustang Panda, Evolves its Attacks with New Malware and Strategies
(www.trendmicro.com)
from tardigrada@beehaw.org to technology@beehaw.org on 09 Sep 2024 13:58
https://beehaw.org/post/15963964
- Earth Preta has upgraded its attacks, which now include the propagation of PUBLOAD via a variant of the worm HIUPAN
- Additional tools, such as FDMTP and PTSOCKET, were used to extend Earth Preta’s control and data exfiltration capabilities
- Another campaign involved spear-phishing emails with multi-stage downloaders like DOWNBAIT and PULLBAIT, leading to further malware deployments
- Earth Preta’s attacks are highly targeted and time-sensitive, often involving rapid deployment and data exfiltration, with a focus on specific countries and sectors within the APAC region
Earth Preta has been known to launch campaigns against valued targets in the Asia-Pacific (APAC). Recent observations on their attacks against various government entities in the region show that the threat group has updated their malware and strategies.