The Earth Krahang hacker group, identified as a Chinese Advanced Persistent Threat (APT), has executed a strategic hacking campaign targeting government organizations across multiple countries. Employing tactics such as exploiting vulnerabilities in internet-facing servers and sending spear-phishing emails, they have compromised critical infrastructure and engaged in cyberespionage activities. Their methods include leveraging breached government systems to attack other entities, deploying custom backdoors, and utilizing compromised email accounts for phishing initiatives. Trend Micro’s monitoring outlines the extensive reach and impact of this campaign, emphasizing the need for heightened cybersecurity measures and vigilance.
The Earth Krahang APT group, originating from China, has orchestrated a sophisticated hacking campaign infiltrating 70 organizations and targeting 116 entities in 45 countries, with a predominant focus on government institutions. Utilizing techniques like exploiting server vulnerabilities and spear-phishing, the hackers have gained unauthorized access to networks for espionage purposes. By leveraging breached infrastructure, they create VPN servers for lateral movement and use compromised accounts to deploy malicious payloads, including backdoors and tools like Cobalt Strike and XDealer, which provide data collection and command execution capabilities.