Ethereal Panda

ETHEREAL PANDA is a China based intrusion set tracked by CrowdStrike and with suspected overlap with Flax Typhoon (an intrusion set tracked by Microsoft) and RedJuliett (tracked by Recorded Future). According to researchers at CrowdStrike, the group has been observed targeting academic, technology and telecomms sectors, primarily in Taiwan.

In one incident, ETHEREAL PANDA was observed exploiting an Apache Tomcat instance for initial access before pivoting to an exposed SQL server and attempting to dump credentials using ProcDump and Mimikatz. The group deployed SoftEther VPN and Godzilla JSP webshells to support ongoing access to the victim environment.

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/

github.com

https://github.com/jacobdjwilson/awesome-annual-security-reports/blob/4b6da0b9bc637176c125be6b27d974b59f668c02/Annual%20Security%20Reports/2023/Crowdstrike-Global-Threat-Report-2023.pdf

www.crowdstrike.com

https://www.crowdstrike.com/resources/reports/crowdstrike-2023-global-threat-report/

www.recordedfuture.com

https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter

www.crowdstrike.com

https://www.crowdstrike.com/adversaries/ethereal-panda/