Ethereal Panda

Threat Actor updated a month ago (2024-11-29T13:43:40.639Z)
Ethereal Panda, also known as Flax Typhoon or RedJuliett, is a threat actor believed to be linked to the Chinese government. The group has conducted cyber espionage against organizations primarily in Taiwan. Reports from cybersecurity firms such as Microsoft and CrowdStrike have identified significant overlaps in the activity tracked under these aliases, suggesting that they are the same nation-state-linked threat group based in China.

In late August, Microsoft linked Ethereal Panda (Flax Typhoon) to a widespread cyber espionage campaign against numerous Taiwanese organizations. Similarly, Insikt Group's report noted that "RedJuliett closely overlaps with public reporting under the aliases Flax Typhoon (Microsoft) and Ethereal Panda (CrowdStrike)." These findings indicate that the group uses sophisticated tactics, techniques, and procedures (TTPs), including the open-source webshell Godzilla, to carry out its malicious activities.

Furthermore, in the previous month, Lumen Technologies' Black Lotus Labs detailed a botnet controlled by this Chinese espionage group. The botnet infected over 260,000 devices globally using a modified version of the Mirai internet-of-things malware, compromising routers, modems, IP cameras, NAS servers, and digital video recorders. This level of activity underscores the significant threat posed by Ethereal Panda and its associated entities, highlighting the need for robust cybersecurity measures to counter their operations.
Description last updated: 2024-10-07T17:16:19.466Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Flax Typhoon is a possible alias for Ethereal Panda. Flax Typhoon is a threat actor reportedly linked to China that has been actively targeting Taiwan, as well as other regions globally. This group, also known by aliases such as RedJuliett and Ethereal Panda, has been implicated in cyberespionage activities against critical infrastructure entities, go | 6
RedJuliett is a possible alias for Ethereal Panda. RedJuliett, also known as Flax Typhoon and Ethereal Panda, is a China-linked Advanced Persistent Threat (APT) group that has been reported to control a botnet for malicious activities. This state-sponsored group has been persistently launching espionage attacks on numerous organizations since 2023. | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Chinese
Botnet
Source Document References
Information about the Ethereal Panda Threat Actor was read from the documents corpus below.