Ethereal Panda

Threat Actor Profile Updated a month ago
Ethereal Panda is CrowdStrike's name for a China-nexus threat actor that Microsoft tracks as Flax Typhoon, with activity dating back to at least 2021. The group's operations focus primarily on organizations in Taiwan, in particular the academic, technology, and telecommunications sectors. Microsoft Threat Intelligence has reported that the activity it tracks as Flax Typhoon overlaps substantially with what CrowdStrike tracks as Ethereal Panda, so the two names are treated as the same cluster or closely related actors rather than two separate groups.
In late August 2023 Microsoft attributed a cyber espionage campaign against numerous organizations in Taiwan to this actor. That reporting arrived during a broader rise in attacks across Asia, which also included several geopolitically motivated ransomware campaigns. The group's tradecraft leans on living-off-the-land techniques with little custom malware: it deploys the Godzilla web shell on compromised servers and uses SoftEther VPN executables to keep persistent, encrypted remote access into victim networks. Because the tooling is either built into Windows or legitimately available, these intrusions are difficult to catch with signature-based detection alone and are better hunted through behavioural anomalies such as VPN software running under unexpected names or from unexpected locations.
CrowdStrike's own research likewise supports the connection between Ethereal Panda and Flax Typhoon, given the overlap in their operations. Whimsical vendor naming conventions (Ethereal Panda, Deadeye Hawk) aside, these actors pose serious risks to network security and data integrity across industries and regions.
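The persistence technique described above (a SoftEther VPN binary dropped on a victim host and left running) is detectable because renaming an executable does not change the version metadata compiled into it. Microsoft's Flax Typhoon reporting describes the SoftEther executable being renamed to look like a Windows system binary such as conhost.exe or dllhost.exe. The following is an added example, not code from this profile, Cybergeist, Microsoft or CrowdStrike: a Python heuristic that runs over process-creation events normalised into dicts with Sysmon Event ID 1 style field names (Image, CommandLine, OriginalFileName, Description, Product, Company; the field names and the events themselves are constructed for this example) and flags three things a defender can key on: SoftEther metadata under a foreign file name, a system-binary name executing outside the Windows system directories, and SoftEther tooling referenced on a command line by a non-SoftEther process.

```python
"""Heuristic detection of a renamed SoftEther VPN binary in process-creation telemetry.

Added example for this profile; not code from Cybergeist, Microsoft or CrowdStrike.
Assumes events are dicts with Sysmon Event ID 1 style field names. All sample
events below are constructed, not captured from a real incident.
"""
from typing import Dict, Iterable, List, Tuple

# Substrings that identify SoftEther's own binaries (vpnserver, vpnbridge,
# vpnclient, vpncmd) in either a file name or PE version metadata.
SOFTETHER_MARKERS = ("softether", "vpnserver", "vpnbridge", "vpnclient", "vpncmd")

# Windows binary names that are attractive disguises because they always appear
# in process listings. They are only legitimate when loaded from the system dirs.
SYSTEM_BINARY_NAMES = {"conhost.exe", "dllhost.exe", "svchost.exe", "rundll32.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def _normalise_path(path: str) -> str:
    return path.replace("/", "\\").lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event is suspicious (an empty list means benign)."""
    reasons: List[str] = []
    image = _normalise_path(event.get("Image", ""))
    file_name = image.rsplit("\\", 1)[-1]
    metadata = " ".join(
        event.get(key, "") for key in ("OriginalFileName", "Description", "Product", "Company")
    ).lower()
    command_line = event.get("CommandLine", "").lower()

    metadata_says_softether = any(m in metadata for m in SOFTETHER_MARKERS)
    name_says_softether = any(m in file_name for m in SOFTETHER_MARKERS)

    # Rule 1: the PE version resource still identifies SoftEther but the file on
    # disk has been renamed. Renaming leaves OriginalFileName/Product untouched.
    if metadata_says_softether and not name_says_softether:
        reasons.append("softether-metadata-under-foreign-name")

    # Rule 2: a well-known system binary name executing outside System32/SysWOW64.
    # A genuine conhost.exe or dllhost.exe never runs from ProgramData or Users.
    if file_name in SYSTEM_BINARY_NAMES and not image.startswith(SYSTEM_DIRS):
        reasons.append("system-binary-name-outside-system-dir")

    # Rule 3: SoftEther tooling (e.g. the vpncmd management client) referenced on
    # the command line of a process that is not itself a SoftEther binary.
    if any(m in command_line for m in SOFTETHER_MARKERS) and not name_says_softether:
        reasons.append("softether-tooling-in-command-line")

    return reasons


def scan(events: Iterable[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (Image, reasons) for every event that trips at least one rule."""
    hits: List[Tuple[str, List[str]]] = []
    for event in events:
        reasons = classify(event)
        if reasons:
            hits.append((event.get("Image", ""), reasons))
    return hits


# Constructed sample telemetry: a benign conhost, a legitimately installed
# SoftEther server, a SoftEther server renamed to conhost.exe under ProgramData,
# a metadata-less dllhost.exe under Users\Public, and cmd.exe invoking vpncmd.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\conhost.exe", "CommandLine": r"\??\C:\Windows\system32\conhost.exe 0x4",
     "OriginalFileName": "CONHOST.EXE", "Description": "Console Window Host",
     "Product": "Microsoft Windows Operating System", "Company": "Microsoft Corporation"},
    {"Image": r"C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe",
     "CommandLine": r'"C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe"',
     "OriginalFileName": "vpnserver_x64.exe", "Description": "SoftEther VPN Server",
     "Product": "SoftEther VPN", "Company": "SoftEther VPN Project"},
    {"Image": r"C:\ProgramData\Microsoft\conhost.exe", "CommandLine": r"C:\ProgramData\Microsoft\conhost.exe",
     "OriginalFileName": "vpnserver_x64.exe", "Description": "SoftEther VPN Server",
     "Product": "SoftEther VPN", "Company": "SoftEther VPN Project"},
    {"Image": r"C:\Users\Public\dllhost.exe", "CommandLine": r"C:\Users\Public\dllhost.exe",
     "OriginalFileName": "", "Description": "", "Product": "", "Company": ""},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c C:\ProgramData\vpncmd.exe localhost /SERVER /CMD ServerPasswordSet",
     "OriginalFileName": "Cmd.Exe", "Description": "Windows Command Processor",
     "Product": "Microsoft Windows Operating System", "Company": "Microsoft Corporation"},
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(reasons)}")
```

Rule 1 deliberately leaves a SoftEther binary that still carries its own name alone; whether an unrenamed SoftEther install is acceptable on a given host is a policy question, not a disguise, and is better handled by an asset inventory than by this check. Rule 2 needs a small allowlist in environments that legitimately stage copies of system binaries, and all three rules are evasion-prone if the actor also patches the version resource, so they are hunting heuristics, not a sole control.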
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so here are overlapping names and profiles you may also want to look at.
Flax Typhoon (4 votes): Flax Typhoon, a threat actor believed to be linked with China, has been identified as a significant cybersecurity risk. This group is responsible for the execution of actions with malicious intent, which can range from data theft to disruption of services. The group's activities are part of an emerg
Miscellaneous Associations
Other context that may help in judging relevance: APT
Associated Malware: none displayed.
Associated Threat Actors: none displayed.
Associated Vulnerabilities: none displayed.
Source Document References
Information about the Ethereal Panda threat actor was read from the documents below (display limited to 20 results).
CERT-EU (a year ago): CrowdStrike Report Highlights Crucial Shift In Ransomware Tactics
CERT-EU (9 months ago): Flax Typhoon Adopts Living-off-the-Land Binaries
CERT-EU (9 months ago): China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
CERT-EU (8 months ago): Ransomware attacks down in August after record levels in July
Securityaffairs (7 months ago): MI5 chief warns Chinese cyber espionage has reached an unprecedented scale
Checkpoint (9 months ago): 28th August – Threat Intelligence Report - Check Point Research
Securityaffairs (9 months ago): China-linked Flax Typhoon APT targets Taiwan
BankInfoSecurity (9 months ago): Chinese State Hackers 'Flax Typhoon' Targeting Taiwan