#EarthEstries

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

November 26, 2024 by Xynik

November 26, 2024 at 06:18AM The Chinese threat actor Earth Estries has been targeting Southeast Asian telecommunications and government networks using a new backdoor, GHOSTSPIDER, along with MASOL RAT. Compromising over 20 entities globally, they exploit various vulnerabilities for cyber espionage, showcasing advanced tactics and a sophisticated operational structure. Recent attacks indicate a significant evolution … Read more

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

November 25, 2024 by Xynik

November 25, 2024 at 03:34AM Earth Estries, a Chinese APT group, has been targeting critical sectors globally since 2023, utilizing advanced malware like GHOSTSPIDER and SNAPPYBEE. Their tactics involve exploiting public server vulnerabilities for espionage, impacting over 20 organizations across various industries. They employ a complex command-and-control infrastructure, indicating shared tools with other APTs. **Meeting … Read more

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

November 8, 2024 by Xynik

November 8, 2024 at 04:49AM Earth Estries utilizes two distinct attack chains, exploiting vulnerabilities especially in Microsoft Exchange servers. The first chain employs CAB-delivered tools like PsExec and Cobalt Strike for lateral movement. The second chain uses web shells and backdoors like Zingdoor for data exfiltration. Continuous updates confirm their persistent threat. ### Meeting Takeaways … Read more