topicnews · September 14, 2024

The hacker group Earth Preta uses new cyber attack methods

Waves of cyber attacks using removable storage devices and spear phishing campaigns

[datensicherheit.de, 14.09.2024] In a recent blog post, Trend Micro comments on the hacker group “Earth Preta” (also called “Mustang Panda”): according to the post, this is a new wave of attacks using “self-propagating malware that spreads via removable media, as well as spear phishing campaigns”. These attacks are currently mainly targeting government agencies in the Asia-Pacific region (APAC). The group uses removable media as an infection vector and engages in cyber espionage to control systems and steal data. Trend Micro says it has recently reported an increase in activity by Chinese threat actors, including Earth Preta.

Photo: Trend Micro

Richard Werner recalls “Stuxnet”: this malware was intended to sabotage the Iranian nuclear program, for example via USB sticks belonging to service technicians, but has also been detected outside of Iran…

Cyber worms basically attack everything that is vulnerable

Richard Werner, Security Advisor at Trend Micro, comments on the activities of the hacker group “Earth Preta”: “Worms – in this case the self-propagating software used – have gone a little out of fashion. An infection via them is extremely fast and therefore clearly noticeable compared to other attack methods.”

So-called worms are also not selective, but in principle attack everything that is vulnerable. “This means that, for example, a state attacker also runs the risk of causing damage to one’s own infrastructure,” explains Werner.

To reduce this risk, the perpetrators used removable storage devices (e.g. USB sticks) as the propagation method, which complicates things and entails other risks.

Cyber infection via removable storage media carries the risk of use outside the intended area of application

Firstly, the attacker would have to ensure “that the malicious routine also reaches the desired target – which only works if the victim also uses this type of data storage device”. On the other hand, with each additional compromise that the attacker can no longer control, the probability increases “that he will be discovered and his entire operation will be exposed”. Even with removable storage device infections, there is a possibility that they will be used outside of their intended area of application.

The malware “Stuxnet”, for example, was intended to sabotage the Iranian nuclear program using service technicians’ USB sticks. Werner recalls: “However, they were also detected outside Iran, as the same USB sticks were used internationally by uninitiated service technicians.”

Werner sees an immediate threat to Germany only insofar as there is great interest in meaningful data and the “Chinese government’s hunger for data”. Werner’s conclusion is noteworthy: “The fact that we in Germany are also openly discussing data retention, for example, shows me that in democratic constitutional states, intended uses would be relevant.”

Further information on the topic:

TREND MICRO, Lenart Bermejo & Sunny Lu & Ted Lee, September 9th, 2024
Malware / Earth Preta continues to evolve its attacks with new malware and strategies