Archived version

• Earth Preta has upgraded its attacks, which now include the propagation of PUBLOAD via a variant of the worm HIUPAN
• Additional tools, such as FDMTP and PTSOCKET, were used to extend Earth Preta’s control and data exfiltration capabilities
• Another campaign involved spear-phishing emails with multi-stage downloaders like DOWNBAIT and PULLBAIT, leading to further malware deployments
• Earth Preta’s attacks are highly targeted and time-sensitive, often involving rapid deployment and data exfiltration, with a focus on specific countries and sectors within the APAC region

Earth Preta has been known to launch campaigns against valued targets in the Asia-Pacific (APAC). Recent observations on their attacks against various government entities in the region show that the threat group has updated their malware and strategies.