
Chinese Earth Krahang hackers breach 70 orgs in 23 countries

  • March 18, 2024

Jasper_The_Rasper
Moderator

March 18, 2024 By Bill Toulas


A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.

According to Trend Micro researchers monitoring the activity, the campaign has been underway since early 2022 and focuses primarily on government organizations.

Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.

Victims (red) and targets (yellow) map (Trend Micro)

The attackers exploit vulnerable internet-facing servers and use spear-phishing emails to deploy custom backdoors for cyberespionage.

Earth Krahang abuses its presence on breached government infrastructure to attack other governments, builds VPN servers on compromised systems, and performs brute-forcing to crack passwords for valuable email accounts.


>> Full Article <<


Jasper_The_Rasper
Moderator

The group uses pretty standard open source tooling and social engineering to burrow into high-level government agencies across the globe.


March 18, 2024 By Nate Nelson


A previously unidentified Chinese espionage group has managed to breach at least 70 organizations across 23 countries, including 48 in the government space, despite using rather standard-fare tactics, techniques, and procedures (TTPs).

"Earth Krahang" doesn't seem to be a high-level military APT. In a new report, researchers from Trend Micro suggested that it may be one wing of iSoon, a private hack-for-hire operation contracted by the Chinese Communist Party (CCP). And fitting such a cybercrime operation, rather than employing ultra-sophisticated malware and stealth tactics, it uses an arsenal of largely open source and well-documented tools, plus one-day vulnerabilities and standard social engineering, to defeat its targets.


>> Full Article <<
