Beijing-backed cyberspies attacked 70+ orgs across 23 countries

March 19, 2024 at 05:10PM

Chinese cyberspies, known as Earth Krahang, have targeted at least 70 organizations, predominantly government entities, and over 116 victims globally. They use phishing emails, brute-force attacks for credential theft, and custom backdoors to compromise servers and gain unauthorized access to government infrastructure. The group also has connections to other state-backed gangs and uses open-source scanning tools for cyberespionage.

Key takeaways:

– A Chinese cyberspy group known as Earth Krahang has compromised over 70 organizations, mainly government entities, and targeted more than 116 victims globally.

– The group uses tactics such as exploiting public-facing servers, phishing emails, and brute-force attacks to gain unauthorized access to government infrastructure and steal victims’ emails.

– Victims of Earth Krahang are spread across 23 countries, with a primary focus on government organizations, but also targeting education, telecommunications, and other sectors.

– There are potential connections between Earth Krahang and another China state-backed group, Earth Lusca, and potential links to I-Soon, a Chinese security contractor.

– The group uses open-source and vulnerability-scanning tools to find entry points into web servers, exploits known vulnerabilities such as CVE-2023-32315 and CVE-2022-21587, and uses phishing emails with geopolitical-themed lures to backdoor victims’ machines.

– Earth Krahang has been using two custom backdoors, RESHELL and XDealer; the latter has more capabilities and can target both Windows and Linux machines.

– Trend recommends organizations train employees to avoid phishing and social engineering attacks, ensure software is up-to-date, and install security patches to prevent cyber intrusions.
