Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Earth Alux Targets Critical Sectors Globally

April 1, 2025
Reading Time: 2 mins read
in Alerts
Apple Warns of New Zero Day Vulnerabilities

Earth Alux, a China-linked advanced persistent threat (APT) group, has disrupted the cybersecurity landscape since 2023. Initially focusing on Asia-Pacific countries, it expanded operations to Latin America by mid-2024, targeting sectors like government, technology, logistics, and telecommunications. The group conducts extensive espionage operations, using vulnerable services on exposed servers to implant web shells such as GODZILLA, facilitating malware delivery.

The primary backdoor used by Earth Alux is VARGEIT, which maintains persistence and executes malicious operations. VARGEIT works alongside COBEACON, helping the attackers maintain control across multiple stages of their attacks. Trend Micro researchers note that the group employs sophisticated techniques to test and deploy its tools in target environments, ensuring stealth and longevity in its operations. This enables them to collect data over extended periods.

Once Earth Alux infiltrates a network, its focus shifts to long-term data collection and exfiltration. The group targets industries such as manufacturing, telecommunications, and IT services, where their activities can lead to operational disruptions and significant financial losses. VARGEIT’s capabilities, such as file manipulation, process monitoring, and command line execution, enable the attackers to stay undetected while executing their missions.

A distinctive feature of VARGEIT is its use of the mspaint injection technique. Instead of dropping files onto the system, the malware injects shellcode into mspaint.exe, making it harder for security systems to detect. This technique facilitates activities like network reconnaissance and data exfiltration, with the malware connecting to cloud storage to send sensitive information back to the attackers. The evolving sophistication of Earth Alux’s tactics showcases the growing threat of cyber espionage.

Reference:
  • Earth Alux APT Targets Government Sectors in Asia Pacific and Latin America
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

FBI Seizes Multiple Game Piracy Sites

XORIndex Malware DPRK npm Attack

July 15, 2025
FBI Seizes Multiple Game Piracy Sites

NCC Urges Windows 11 Upgrade Cyber Defenses

July 15, 2025
FBI Seizes Multiple Game Piracy Sites

FBI Seizes Multiple Game Piracy Sites

July 15, 2025
Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025

Latest Alerts

NCC Urges Windows 11 Upgrade Cyber Defenses

FBI Seizes Multiple Game Piracy Sites

XORIndex Malware DPRK npm Attack

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Subscribe to our newsletter

    Latest Incidents

    Elmo Impersonator Posts Antisemitic Content

    PET Imaging Phishing Attack Hits

    Louis Vuitton Data Breach Global Impact

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial