Ethical Hacking News Hubb

Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky

by admin
October 10, 2022
in Ethical Hackers


A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky.

“Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan,” Trend Micro disclosed in a technical profile last week.

Earth Aughisky, also known as Taidoor, is a cyber espionage group that’s known for its ability to abuse legitimate accounts, software, applications, and other weaknesses in the network design and infrastructure for its own ends.

While the Chinese threat actor has been known to primarily target organizations in Taiwan, victimology patterns observed towards late 2017 indicate an expansion to Japan.

The most commonly targeted industry verticals include government, telecom, manufacturing, heavy industry, technology, transportation, and healthcare.

Attack chains mounted by the group typically leverage spear-phishing as a method of entry, using it to deploy next-stage backdoors. Chief among its tools is a remote access trojan called Taidoor (aka Roudan).

The group has also been linked to a variety of malware families, such as GrubbyRAT, K4RAT, LuckDLL, Serkdes, Taikite, and Taleret, as part of its attempts to consistently update its arsenal to evade security software.

Some of the other notable backdoors employed by Earth Aughisky over the years are as follows:

  • SiyBot, a basic backdoor that uses public services like Gubb and 30 Boxes for command-and-control (C2)
  • TWTRAT, which abuses Twitter’s direct message feature for C2
  • DropNetClient (aka Buxzop), which leverages the Dropbox API for C2

Trend Micro’s attribution of the malware strains to the threat actor is based on the similarities in source code, domains, and naming conventions, with the analysis also uncovering functional overlaps between them.

The cybersecurity firm also linked the activities of Earth Aughisky to another APT actor codenamed by Airbus as Pitty Tiger (aka APT24) based on the use of the same dropper in various attacks that transpired between April and August 2014.

The year 2017, when the group set its sights on Japan and Southeast Asia, was also an inflection point: the volume of attacks has declined significantly since then.

Despite the longevity of the threat actor, the recent shift in targets and activities likely suggests a change in strategic objectives or that the group is actively revamping its malware and infrastructure.

“Groups like Earth Aughisky have sufficient resources at their disposal that allow them the flexibility to match their arsenal for long-term implementations of cyber espionage,” Trend Micro researcher CH Lei said.

“Organizations should consider this observed downtime from this group’s attacks as a period for preparation and vigilance for when it becomes active again.”




