Ethereal Panda

Threat Actor Profile Updated 18 days ago
Ethereal Panda, also tracked as Flax Typhoon, is a threat actor assessed to be based in China. Its activity overlaps strongly with the cluster that Microsoft reports as Flax Typhoon and that CrowdStrike reports as Ethereal Panda, and that overlap, together with its targeting, is the basis for assessing it as a nation-state-linked group with probable ties to the Chinese government. CrowdStrike reports the group active since at least 2021 and notes shared tactics, techniques and procedures (TTPs), including use of the open-source Godzilla web shell.

In late August 2023, Microsoft attributed to Flax Typhoon a cyber-espionage campaign against numerous organizations in Taiwan, part of a broader rise in activity across Asia that points to geopolitical motives. RedJuliett, the name Recorded Future uses for closely related activity, likewise overlaps substantially with public reporting on Flax Typhoon and Ethereal Panda, which further ties the three names to one cluster.

The group matters because of its suspected state backing and its focus on high-value Taiwanese targets. Its tradecraft leans on living-off-the-land binaries and a small tool set that includes the Godzilla web shell, which keeps its footprint on compromised hosts low and makes it harder to detect than malware-heavy intrusions. As vendors continue to track and report on the cluster, organizations in Taiwan and the wider region should monitor internet-facing servers for web shells and review the published TTPs against their own telemetry.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following overlapping names and profiles may also be worth a look.

Flax Typhoon (6 votes): Flax Typhoon, also known as RedJuliett and Ethereal Panda in different cybersecurity circles, is a threat actor linked to China that has been actively targeting Taiwan. The group's activities have been closely monitored by several cybersecurity firms, including Microsoft and CrowdStrike. The use of

RedJuliett (2 votes): RedJuliett, a Chinese state-sponsored threat actor, has been actively targeting the infrastructure of approximately 75 organizations across government, academic, and technology sectors in multiple countries. The group is particularly focused on Taiwan, where it has launched attacks against 24 differ
Miscellaneous Associations
Other context that may help judge relevance.

Tags: APT, Espionage, Web Shell, Ransomware, Chinese, Source, Microsoft, VPN, Webshell
Associated Malware
DEADEYE (type unspecified, 1 vote): Deadeye is a sophisticated malware used in cyber-espionage operations, primarily deployed by the threat actor group known as APT41. This malware has been employed in multiple U.S. state government intrusions, where it was packaged using VMProtect and split into multiple sections on disk to evade ana

Godzilla Web Shell (type unspecified, 1 vote): Godzilla is a web shell, a script planted on a compromised web server, typically after a vulnerability in the server or its applications has been exploited, that gives the attacker persistent remote access to the host. It is usually introduced without the knowledge of the server's operator.

Godzilla (type unspecified, 1 vote): Godzilla is a potent malware that allows attackers to remotely control compromised servers, execute arbitrary commands, upload and download files, manipulate databases, and perform other malicious activities. The malware was linked to a group known as Ethereal Panda by CrowdStrike due to their simil
Associated Threat Actors
No associations to display

Associated Vulnerabilities
No associations to display
Source Document References
Information about the Ethereal Panda threat actor was read from the documents below (source, time indexed, title).

Recorded Future, 18 days ago: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future
InfoSecurity-magazine, a month ago: China-Based RedJuliett Targets Taiwan in Cyber Espionage Campaign
Recorded Future, a month ago: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future
CERT-EU, a year ago: CrowdStrike Report Highlights Crucial Shift In Ransomware Tactics | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware
Securityaffairs, 9 months ago: MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
CERT-EU, a year ago: Flax Typhoon Adopts Living-of-the-Land Binaries
CERT-EU, 10 months ago: Ransomware attacks down in August after record levels in July
BankInfoSecurity, a year ago: Chinese State Hackers 'Flax Typhoon' Targeting Taiwan
Securityaffairs, a year ago: China-linked Flax Typhoon APT targets Taiwan
CERT-EU, a year ago: China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
Checkpoint, a year ago: 28th August – Threat Intelligence Report - Check Point Research