Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
September 19, 2024 at 04:38AM Threat actor Earth Baxia targeted a government organization in Taiwan and possibly other APAC countries using spear-phishing emails and exploiting CVE-2024-36401, a GeoServer vulnerability. Earth Baxia deployed customized Cobalt Strike components and a new backdoor called EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery, with evidence … Read more