Excerpt from an article in The Register, published on Mar 19, 2024

Security researchers have uncovered a widespread cyber-espionage campaign orchestrated by Chinese cyberspies, compromising over 70 organizations, predominantly government entities, and targeting more than 116 victims worldwide.

The hacking group, known as Earth Krahang and allegedly backed by Beijing, employs sophisticated tactics, including exploiting public-facing servers and using phishing emails to deploy two custom backdoors, according to Trend Micro, a leading cybersecurity firm that has been monitoring the campaign since early 2022.

Joseph Chen and Daniel Lunghi, researchers at Trend Micro, stated, “One of the threat actor’s favorite tactics involves using its malicious access to government infrastructure to attack other government entities, abusing the infrastructure to host malicious payloads, proxy attack traffic, and send spear-phishing emails to government-related targets using compromised government email accounts.” In addition to government organizations, Earth Krahang has also targeted sectors such as education, telecommunications, and others, with victims spanning 23 countries across Asia, America, Europe, and Africa.

Notably, Earth Krahang shares several connections with another state-backed Chinese group, Earth Lusca, and is speculated to have links with I-Soon, a Chinese security contractor implicated in extensive hacking campaigns against foreign governments, as revealed by leaked documents on GitHub.

Using open-source scanning tools such as sqlmap, nuclei, and WordPress scan, Earth Krahang exploits vulnerabilities such as CVE-2023-32315 in Openfire and CVE-2022-21587 in Oracle Web Applications Desktop Integrator to infiltrate systems.

The group employs phishing emails with geopolitical-themed lures, enticing victims with subjects like “Malaysian Ministry of Defense Circular” and “ICJ public hearings- Guyana vs. Venezuela,” aiming to deceive recipients into opening malicious attachments or clicking on URLs, thereby facilitating unauthorized access to victims’ machines.

The discovery of Earth Krahang’s operations underscores the ongoing threat posed by state-sponsored cyber-espionage, highlighting the need for robust cybersecurity measures and international cooperation to combat such malicious activities in cyberspace.

