Earth Tengshe

Threat Actor updated 19 hours ago (2024-11-21T10:32:23.133Z)

Download STIX

Preview STIX

Earth Tengshe, also known as Bronze Riverside, is a threat actor believed to be associated with APT10, a notorious cyber espionage group. This entity has been involved in several malicious campaigns, including the "A41APT Campaign" and the "LODEINFO Campaign #1", suggesting a continuous pattern of activity aimed at compromising various industries. Earth Tengshe's methods involve the use of custom malware such as SigLoader, SodaMaster, P8RAT, FYAnti, and Jackpot, differing from those used by another subgroup, Earth Kasha, in the LODEINFO Campaign #2. In late 2021, Earth Tengshe targeted overseas subsidiaries and suppliers of Japanese manufacturing, engineering, electronics, automotive, energy, and technology companies, ostensibly to gain access to parent companies in Japan. This indicates a strategic focus on high-value targets that could provide valuable industrial and technological information. Both Earth Tengshe and Earth Kasha have shown a tendency to target public-facing applications, aiming to exfiltrate data and information within networks. This tactic is common among threat actors pursuing espionage or extortion objectives. APT10, the umbrella group to which Earth Tengshe and Earth Kasha belong, is characterized by its use of custom malware for espionage-related exploits across a wide range of regions. The possible shared operator resources or tactics, techniques, and procedures (TTPs) between Earth Tengshe and Earth Kasha suggest a coordinated approach towards their malicious activities. It is crucial to understand these patterns and similarities to develop effective countermeasures against such persistent threats.

Description last updated: 2024-11-21T10:29:11.874Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The APT10 Threat Actor is associated with Earth Tengshe. APT10, also known as menuPass, is a sophisticated threat actor believed to be operating on behalf of the Chinese Ministry of State Security (MSS). It has been active since at least 2006 and has been linked to numerous cyber espionage campaigns. The group utilizes advanced techniques and tools that a	Unspecified	2

Source Document References

Information about the Earth Tengshe Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Trend Micro	21 hours ago	Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
Trend Micro	5 months ago	Attackers in Profile: menuPass and ALPHV/BlackCat
CERT-EU	a year ago	Japan in the Crosshairs of Many State-Sponsored Threat Actors New Report Finds