05/11 (Thu.) 09:30 - 10:00
Catching the Big Phish: Earth Preta's Long-term Stealthy Campaign
Slides link
  • FORUM | Threat Research Forum
  • LOCATION | Taipei Nangang Exhibition Center, Hall 2 4F 4A
  • LEVEL | Intermediate
  • SESSION TYPE | Onsite
  • LANGUAGE | Chinese
  • SESSION TOPIC | Threat Intelligence, Threat Analysis & Protection, Reverse Engineering

In the world of cybersecurity, spear-phishing attacks are becoming increasingly common and dangerous. Since March of 2022, we have been closely monitoring a significant wave of such attacks targeting various sectors across the globe, including the government, academic, foundation, and research sectors. This seemingly wide outbreak of targeted attacks has affected not only countries like Myanmar, Australia, the Philippines, Japan, and Taiwan but also many other regions.

During our investigation, we have identified several malware families that have been used in these attacks, including TONEINS, TONESHELL, and PUBLOAD. These samples have been linked to a notorious advanced persistent threat (APT) group known as Earth Preta, which is also referred to as Mustang Panda and Bronze President. It is widely believed that this APT group is backed by a state actor, and their tactics, techniques, and procedures (TTPs) are highly sophisticated.

In recent times, we have noticed that the actors behind these spear-phishing attacks have become more creative and sophisticated in their approach. They have been actively changing their TTPs to bypass security solutions, which is making it challenging for security experts to detect and defend against their attacks. Moreover, we have also discovered that the attackers are using some intriguing tools for exfiltration, which can make it harder to track their movements.

As we continue to investigate these attacks, we will share the technical details of this campaign to help organizations better understand the nature and extent of the threat they face. We advise all organizations to remain vigilant and take the necessary steps to strengthen their cybersecurity posture to prevent any potential breaches. It is imperative that they stay up-to-date with the latest cybersecurity trends and invest in state-of-the-art security solutions to safeguard their digital assets.