Since 2022, we’ve been following a series of cyberespionage efforts carried out by multiple groups and carried over from an old campaign. This activity combines the collective operations of subgroups of the advanced persistent threat (APT) group Earth Preta (also known as Mustang Panda), representing a comprehensive network of operations for gathering sensitive information from various entities. An analysis of their deployments also revealed a level of coordination and collaboration.
Through extensive analysis, we have discovered over 200 victims as of this writing, which led to a wider intelligence analysis of the groups’ goals, different operation groups, and tactics, techniques, and procedures (TTPs). Our study aimed to understand the different phases and facets of this operation, shedding light on the motives and techniques used by Earth Preta in order to provide valuable insights and aid in the development of effective countermeasures.