Earth Preta

Threat Actor updated 17 hours ago (2024-09-10T16:17:44.554Z)
Earth Preta, also known as Mustang Panda, is a threat actor group that has been operational since at least 2012. The group has been highly active in Europe and Asia, with particular emphasis on the Asia-Pacific (APAC) region. For the command-and-control (C&C) stage of its operations, Earth Preta employs several tools and commands and a variety of malware, including a variant of the DOPLUGS malware used to target specific countries within the APAC region.

Researchers have noted that Earth Preta's operations are highly targeted and time-sensitive, often involving rapid deployment and data exfiltration. In a recent campaign analyzed by cybersecurity researchers, the group focused on specific countries and industries within the APAC region, as evidenced by the quick turnover of decoy documents and malware samples on a WebDAV server hosted by the group. Malware-loaded USB drives, a strategy that experienced a revival during and in the wake of the COVID-19 pandemic, have been identified as a primary infection vector used by this group.

Earth Preta is expected to remain highly active in the foreseeable future, particularly within the APAC region. The group has recently shifted its focus to critical infrastructure and key institutions, deploying malware through hybrid techniques. Given its continued activity and evolving tactics, organizations, especially those in the targeted regions and sectors, should maintain robust cybersecurity measures and stay abreast of the latest threat intelligence.
Description last updated: 2024-09-10T16:16:01.135Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Mustang Panda | 3 | Mustang Panda, also known by various aliases such as Bronze President, Luminous Moth, and Camaro Dragon among others, is a threat actor believed to operate from Chengdu, China. The group has been publicly linked to APT41 and other Chinese groups such as the Tonto Team. Known for its rapid attacks an |
| Camaro Dragon | 2 | Camaro Dragon, a Chinese state-sponsored threat actor also known as Stately Taurus, Mustang Panda, Bronze President, Red Delta, Luminous Moth, and Earth Preta, has been active since at least 2012. In 2023, Checkpoint Research discovered a custom firmware image linked to Camaro Dragon that contained |
| Stately Taurus | 2 | Stately Taurus is a sophisticated malware associated with a Chinese Advanced Persistent Threat (APT) group that conducts cyberespionage campaigns. This group has been observed targeting government entities, as well as religious and non-governmental organizations across Europe and Asia. The malware i |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Phishing
Backdoor
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Doplugs | Unspecified | 2 | DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. U |
Source Document References
Information about the Earth Preta Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| DARKReading | 17 hours ago | Mustang Panda Feeds Worm-Driven USB Attack Strategy |
| Securityaffairs | 3 months ago | China-linked spies target Asian Telcos since at least 2021 |
| CERT-EU | 7 months ago | Earth Preta Hackers Abuses Google Drive to Deploy DOPLUGS Malware |
| Trend Micro | 7 months ago | Earth Preta Campaign Uses DOPLUGS to Target Asia |
| Unit42 | 10 months ago | Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific |
| CERT-EU | a year ago | Cybersecurity Threat 1H 2023 Brief with Generative AI |
| Unit42 | a year ago | Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda |
| Unit42 | a year ago | Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government |
| CERT-EU | a year ago | Earth Preta’s Cyberespionage Campaign Hits Over 200 \| IT Security News |
| Trend Micro | a year ago | Earth Preta Updated Stealthy Strategies |
| Trend Micro | a year ago | Earth Preta’s Cyberespionage Campaign Hits Over 200 |