Ethereal Panda

Threat Actor updated 2 months ago (2024-07-09T13:17:41.705Z)
Ethereal Panda, also known as Flax Typhoon, is a threat actor believed to be based in China. The activities of this group strongly overlap with those reported under the aliases Flax Typhoon by Microsoft and Ethereal Panda by CrowdStrike. This correlation suggests that Ethereal Panda operates as a nation-state-linked threat group, indicating its potential ties to the Chinese government. According to CrowdStrike's reports, Ethereal Panda has been active since at least 2021, utilizing similar tactics, techniques, and procedures (TTPs), including the use of the open-source webshell Godzilla.

In late August, Microsoft linked the Chinese Advanced Persistent Threat (APT) group Flax Typhoon, aka Ethereal Panda, to a cyber espionage campaign targeting numerous organizations in Taiwan. This campaign was part of an overall increase in attacks within Asia, highlighting the geopolitical motivations behind these actions. RedJuliett, another alias for this threat actor, also shows significant overlap with public reporting on Flax Typhoon and Ethereal Panda, further solidifying their connection.

The threat posed by Ethereal Panda is significant due to its suspected nation-state backing and its focus on high-profile targets such as Taiwanese organizations. Its use of sophisticated TTPs and tools like the Godzilla webshell indicates a high level of technical capability. As the cybersecurity industry continues to track and report on Ethereal Panda's activities, it is crucial for organizations, particularly those in Asia, to remain vigilant and proactive in their cyber defense strategies.
Description last updated: 2024-07-09T13:16:10.782Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Flax Typhoon | 6 | Flax Typhoon, a threat actor linked to China, has been identified as the perpetrator behind a series of cyber attacks targeting Taiwan. The group is known for its unique approach, utilizing minimal malware and custom payloads, but heavily relying on legitimate applications instead. This tactic allow |
| Redjuliett | 2 | RedJuliett, a Chinese state-sponsored threat group, has been implicated in persistent espionage attacks on approximately 75 organizations since 2023. This information was reported by Insikt Group, the threat research arm of Recorded Future. The targeted organizations span across government, academic |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Source Document References
Information about the Ethereal Panda Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Recorded Future | 2 months ago | Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation \| Recorded Future |
| InfoSecurity-magazine | 2 months ago | China-Based RedJuliett Targets Taiwan in Cyber Espionage Campaign |
| Recorded Future | 2 months ago | Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation \| Recorded Future |
| CERT-EU | a year ago | CrowdStrike Report Highlights Crucial Shift In Ransomware Tactics \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware |
| Securityaffairs | a year ago | MI5 chief warns of Chinese cyber espionage reached an unprecedented scale |
| CERT-EU | a year ago | Flax Typhoon Adopts Living-of-the-Land Binaries |
| CERT-EU | a year ago | Ransomware attacks down in August after record levels in July |
| BankInfoSecurity | a year ago | Chinese State Hackers 'Flax Typhoon' Targeting Taiwan |
| Securityaffairs | a year ago | China-linked Flax Typhoon APT targets Taiwan |
| CERT-EU | a year ago | China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors |
| Checkpoint | a year ago | 28th August – Threat Intelligence Report - Check Point Research |