Ethereal Panda

Threat Actor updated 2 months ago (2024-10-07T18:01:10.112Z)

Download STIX

Preview STIX

Ethereal Panda, also known as Flax Typhoon or RedJuliett, is a threat actor believed to be linked to the Chinese government. This group has been involved in various cyber espionage activities targeting organizations primarily in Taiwan. Reports from cybersecurity firms such as Microsoft and CrowdStrike have identified significant overlaps in the activities of these aliases, suggesting that they are indeed the same entity operating as a nation-state-linked threat group based in China. In late August, Microsoft linked Ethereal Panda (Flax Typhoon) to a widespread cyber espionage campaign against numerous Taiwanese organizations. Similarly, Insikt Group's report noted that "RedJuliett closely overlaps with public reporting under the aliases Flax Typhoon (Microsoft) and Ethereal Panda (CrowdStrike)." These findings indicate that the group utilizes sophisticated tactics, techniques, and procedures (TTPs), including the use of open-source webshell Godzilla, to carry out their malicious activities. Furthermore, in the previous month, Lumen Technologies' Black Lotus Labs detailed a botnet controlled by this Chinese espionage group. The botnet infected over 260,000 devices globally using a modified version of the Mirai internet-of-things malware, compromising routers, modems, IP cameras, NAS servers, and digital video recorders. This level of activity underscores the significant threat posed by Ethereal Panda and its associated entities, highlighting the need for robust cybersecurity measures to counter their operations.

Description last updated: 2024-10-07T17:16:19.466Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Flax Typhoon is a possible alias for Ethereal Panda. Flax Typhoon is a threat actor reportedly linked to China that has been actively targeting Taiwan, as well as other regions globally. This group, also known by aliases such as RedJuliett and Ethereal Panda, has been implicated in cyberespionage activities against critical infrastructure entities, go	6
Redjuliett is a possible alias for Ethereal Panda. RedJuliett, also known as Flax Typhoon and Ethereal Panda, is a China-linked Advanced Persistent Threat (APT) group that has been reported to control a botnet for malicious activities. This state-sponsored group has been persistently launching espionage attacks on numerous organizations since 2023.	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Chinese

Botnet

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Ethereal Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
BankInfoSecurity	2 months ago	Feds Probe Chinese 'Salt Typhoon' Hack of Major Telcos
Securityaffairs	2 months ago	China-linked APT group Salt Typhoon compromised some US ISPs
InfoSecurity-magazine	2 months ago	Western Agencies Warn Risk from Chinese-Controlled Botnet
Securityaffairs	2 months ago	Experts warn of China-linked APT's Raptor Train IoT Botnet
Recorded Future	4 months ago	Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation \| Recorded Future
InfoSecurity-magazine	5 months ago	China-Based RedJuliett Targets Taiwan in Cyber Espionage Campaign
Recorded Future	5 months ago	Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation \| Recorded Future
CERT-EU	2 years ago	CrowdStrike Report Highlights Crucial Shift In Ransomware Tactics \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware
Securityaffairs	a year ago	MI5 chief warns of Chinese cyber espionage reached an unprecedented scale
CERT-EU	a year ago	Flax Typhoon Adopts Living-of-the-Land Binaries
CERT-EU	a year ago	Ransomware attacks down in August after record levels in July
BankInfoSecurity	a year ago	Chinese State Hackers 'Flax Typhoon' Targeting Taiwan
Securityaffairs	a year ago	China-linked Flax Typhoon APT targets Taiwan
CERT-EU	a year ago	China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
Checkpoint	a year ago	28th August – Threat Intelligence Report - Check Point Research