Home Security Researchers Element Malicious Instruments Utilized by Cyberespionage Group Earth Aughisky

Researchers Element Malicious Instruments Utilized by Cyberespionage Group Earth Aughisky

by crpt os


A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky.

“Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan,” Trend Micro disclosed in a technical profile last week.

Earth Aughisky, also known as Taidoor, is a cyber espionage group that’s known for its ability to abuse legitimate accounts, software, applications, and other weaknesses in the network design and infrastructure for its own ends.

While the Chinese threat actor has been known to primarily target organizations in Taiwan, victimology patterns observed towards late 2017 indicate an expansion to Japan.

CyberSecurity

The most commonly targeted industry verticals include government, telcom, manufacturing, heavy, technology, transportation, and healthcare.

Attack chains mounted by the group typically leverage spear-phishing as a method of entry, using it to deploy next-stage backdoors. Chief among its tools is a remote access trojan called Taidoor (aka Roudan).

The group has also been linked to a variety of malware families, such as GrubbyRAT, K4RAT, LuckDLL, Serkdes, Taikite, and Taleret, as part of its attempts to consistently update its arsenal to evade security software.

Some of the other notable backdoors employed by Earth Aughisky over the years are as follows –

  • SiyBot, a basic backdoor that uses public services like Gubb and 30 Boxes for command-and-control (C2)
  • TWTRAT, which abuses Twitter’s direct message feature for C2
  • DropNetClient (aka Buxzop), which leverages the Dropbox API for C2

Trend Micro’s attribution of the malware strains to the threat actor is based on the similarities in source code, domains, and naming conventions, with the analysis also uncovering functional overlaps between them.

CyberSecurity

The cybersecurity firm also linked the activities of Earth Aughisky to another APT actor codenamed by Airbus as Pitty Tiger (aka APT24) based on the use of the same dropper in various attacks that transpired between April and August 2014.

2017, the year when the group set its sights on Japan and Southeast Asia, has also been an inflection point in the way the volume of the attacks has exhibited a significant decline since then.

Despite the longevity of the threat actor, the recent shift in targets and activities likely suggests a change in strategic objectives or that the group is actively revamping its malware and infrastructure.

“Groups like Earth Aughisky have sufficient resources at their disposal that allow them the flexibility to match their arsenal for long-term implementations of cyber espionage,” Trend Micro researcher CH Lei said.

“Organizations should consider this observed downtime from this group’s attacks as a period for preparation and vigilance for when it becomes active again.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex