Earth Preta Attack Identified
The attacks, which Trend Micro has observed in the wild, appear to be the centerpiece of a wide scale espionage campaign carried out by a notorious APT group dubbed Earth Preta (aka, Mustang Panda and Bronze President) that began around March 2022. At this point, the operatives have targeted Myanmar, Australia, the Philippines, Japan and Taiwan, but there is reason to believe that other countries have been earmarked by the crew. Here’s how an attack works: (via Trend Micro)Spear Phishing Emails Linked to Google Drive
In its observations in the wild, Trend Micro discovered that the senders of the spear phishing emails and the owners of Google Drive links are the same. As Trend Micro researchers wrote:“Based on the sample documents that were used for luring the victims, we also believe that the attackers were able to conduct research and, potentially, prior breaches on the target organizations that allowed for familiarity, as indicated in the abbreviation of names from previously compromised accounts. Some of the emails’ subjects and contents discuss geopolitical topics, while others might contain sensational subjects. All of the emails Trend Micro analyzed had the Google Drive links embedded in them."