Earth Tengshe

Earth Tengshe, also known as Bronze Riverside, is a threat actor originating from China and is considered a subset of the notorious Chinese Advanced Persistent Threat (APT10) group. The cybersecurity industry identifies this group for its malicious activities targeting various industries with significant economic and strategic value. In late 2021, Earth Tengshe notably targeted overseas subsidiaries and suppliers of Japanese companies in the manufacturing, engineering, electronics, automotive, energy, and technology sectors. The alleged intent behind these attacks was to gain unauthorized access to the parent companies based in Japan. The operational tactics of Earth Tengshe, along with another subgroup called Earth Kasha, typically involve targeting public-facing applications. Their primary objective is to exfiltrate data and information within the network, a common tactic among threat actors engaged in espionage or extortion. These groups focus on exploiting vulnerabilities in these applications to infiltrate systems and networks, extract valuable information, and potentially disrupt operations. Both Earth Tengshe and Earth Kasha are known to use custom malware for their espionage-related exploits across a wide range of regions. This indicates a high level of sophistication and adaptability, suggesting that they are well-resourced and capable of conducting advanced cyber-espionage campaigns. Therefore, organizations, particularly those in the targeted industries and regions, should prioritize enhancing their cybersecurity measures to protect against such threats.