
Chinese nation-state hackers are using deceptive attack strategies to bypass security solutions.

Earth Preta is an advanced persistent threat (APT) responsible for delivering sophisticated, sustained cyberattacks in which its presence goes largely undetected by the victim network. APTs aim to syphon confidential data in a gradual and untrackable manner.

In November 2022, Trend Micro, a company that helps its clients mitigate cyber risk within their business by providing valuable global threat studies and reports, released a news article regarding Earth Preta. It said that the group's spear-phishing attacks have already targeted several institutions.

“We have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents we observed in the wild, this is a large-scale cyberespionage campaign that began around March. After months of tracking, the seemingly wide outbreak of targeted attacks includes but is not limited to Myanmar, Australia, the Philippines, Japan, and Taiwan,” said Trend Micro.

In a recent discovery, cybersecurity researchers uncovered that this Chinese nation-state hacker group, known by several aliases including Mustang Panda and Bronze President, operates under Earth Preta.

This group employs sophisticated spear-phishing tactics, utilising messages disguised as legitimate correspondence to deceive executives and employees within targeted organisations.

The researchers also discovered that, in addition to utilising well-known legitimate tools, the threat actors behind Earth Preta had taken the time to create highly customised, proprietary tools designed explicitly for exfiltration. Among these tools are NUPAKAGE and ZPAKAGE, both of which are tailored to collect Microsoft Office files, further demonstrating the group’s sophistication and dedication to developing advanced, effective cyber weaponry.

Trend Micro also said it found decoy documents related to government entities, named Assistance and Recovery(china).exe and the Embassy of the Republic of Myanmar. Other decoy documents have diverse content themes, including regional affairs and pornography. However, no corresponding content appears when the victim opens the fake document file in this folder.

Once more, the results of Trend Micro’s recent investigation underscore the heightened pace at which Chinese cyber espionage actors are operating and their ongoing efforts to invest in and develop more sophisticated cyber weapons to avoid detection.
