Chinese APT hits 48 government orgs with cyber hacks

March 20, 2024




Chinese APT Hacks 48 Government Organizations – SecurityWeek

TLDR:

– Chinese APT, Earth Krahang, likely linked to Chinese contractor I-Soon, hacks 48 government organizations worldwide.

– Focus on cyberespionage targeting government entities, foreign affairs ministries, and other sectors.

Summary:

An advanced persistent threat (APT) actor known as Earth Krahang, believed to be associated with the Chinese government contractor I-Soon, has successfully compromised 48 government entities across the globe. Trend Micro’s report reveals that Earth Krahang has targeted at least 70 organizations in 23 countries, with a focus on cyberespionage. The group has also targeted 100 entities in 35 countries, including government organizations, foreign affairs ministries, and various sectors such as education, telecommunications, logistics, finance, healthcare, and manufacturing.

Earth Krahang has been observed compromising government infrastructure to host malicious payloads, proxy traffic, and send spear-phishing emails to other governmental entities. The group has used compromised government web servers to host backdoors and send download links, and has abused trust relationships between governments to conduct attacks.

The APT actor has been found using open-source tools, exploiting vulnerabilities in software, and deploying custom backdoors like Cobalt Strike to maintain access to victim systems. Trend Micro’s investigation indicates links to other Chinese threat actors, suggesting connections to Earth Lusca and I-Soon’s penetration teams. The cybersecurity firm advises organizations to enhance security practices to defend against social engineering attacks and protect sensitive information from compromise.

