Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

November 26, 2024 at 03:32AM

Trend Micro reports a new spear-phishing campaign by Earth Kasha targeting Japan, using tactics involving the backdoor ANEL and the malware NOOPDOOR. This operation shifts focus from enterprises to individuals in sensitive sectors. The campaign employs sophisticated infection vectors and evasion techniques, necessitating ongoing vigilance and threat intelligence monitoring.

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks

November 26, 2024 at 12:48AM

The U.S. CISA added a critical vulnerability (CVE-2023-28461) affecting Array Networks AG to its KEV catalog due to active exploitation. The flaw allows remote code execution without authentication. Agencies are urged to apply patches by December 16, 2024, as the China-linked group Earth Kasha exploits similar vulnerabilities.

Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM

The blog analyzes Earth Kasha’s LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023-2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploiting vulnerabilities in public-facing applications, credential theft, and the use of various backdoors like LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities.