Earth Preta

Threat Actor updated 15 days ago (2024-10-03T12:01:01.934Z)
Earth Preta, also known as Mustang Panda or Stately Taurus, is a high-profile threat actor group that has been actively conducting cyberattacks. Its activity has been particularly prevalent in the Asia Pacific (APAC) region and Europe. The group employs a variety of tools and malware for the command and control (C&C) stage, including backdoor functionality inferred from internal strings and APIs used by the group. Previous research disclosed a new Earth Preta campaign that targeted governments worldwide through spear-phishing. The group's attacks are highly targeted and time-sensitive, often involving rapid deployment and data exfiltration, and they focus on specific countries and sectors within the APAC region. A notable strategy employed by Earth Preta is the use of malware-loaded USB drives, a method that saw a resurgence during and after the COVID-19 pandemic. The group has also been linked to the Fireant group and has been observed using a variant of the DOPLUGS malware to target Asian countries. Despite attempts to attribute some of CeranaKeeper's activities to Mustang Panda, it was decided to track that activity cluster as the work of CeranaKeeper. However, similarities in the tactics, techniques, and procedures (TTPs), the malware used, and the timeline of the campaigns allowed some activities to be attributed to Earth Preta. Given its continued activity, especially in the APAC region, Earth Preta is likely to remain a significant threat for the foreseeable future.
Description last updated: 2024-10-03T11:15:51.335Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Mustang Panda is a possible alias for Earth Preta. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif | 4
Stately Taurus is a possible alias for Earth Preta. Stately Taurus, also known as Mustang Panda, Bronze President, Camaro Dragon, Earth Preta, Luminous Moth, and Red Delta, is a sophisticated malware that has been used in cyber-espionage campaigns primarily targeting government entities in Southeast Asia. It is believed to be associated with China's | 3
Camaro Dragon is a possible alias for Earth Preta. Camaro Dragon, a Chinese state-sponsored threat actor also known as Mustang Panda, Bronze President, RedDelta, Luminous Moth, Earth Preta, and Stately Taurus, has been identified as a significant cybersecurity concern. The group has been active since at least 2012 and is known for its sophisticated | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Phishing
Backdoor
Associated Malware
Alias Description | Association Type | Votes
The Doplugs Malware is associated with Earth Preta. DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. | Unspecified | 2