CryptoPolyTech.com
Crypto, Politics, Tech, Gaming & World News.

Sophisticated Cyber-Espionage Group Earth Estries Exposed
Sophisticated Cyber-Espionage Group Earth Estries Exposed appeared on www.infosecurity-magazine.com by Infosecurity Magazine.

A sophisticated cyber-espionage group named “Earth Estries” has been exposed by cybersecurity firm Trend Micro. 

Operating since at least 2020, the group targets government and tech organizations in various countries, including the Philippines, Taiwan, Malaysia, South Africa, Germany and the US.

Earth Estries employs advanced tactics including PowerShell downgrade attacks and compromising accounts with administrative privileges to infiltrate networks. They use tools such as Cobalt Strike to move within networks, specifically focusing on PDF and DDF files.
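As an added example, not taken from the article or from Trend Micro's research, the check a defender can run over Windows PowerShell engine-lifecycle events (Event ID 400) to spot the engine downgrade mentioned above: a PowerShell 3+ host that starts the legacy 2.0 engine. The host names, version numbers and event records are constructed for the example.

```python
import re

# Constructed sample records shaped like Windows PowerShell log entries
# (Event ID 400, "Engine state is changed from None to Available"). A real
# Event 400 message lists HostVersion= and EngineVersion= fields; the hosts
# and version numbers here are made up for this example.
def engine_event(host, host_version, engine_version, event_id=400):
    message = ("Engine state is changed from None to Available.\n\tDetails:\n"
               f"\tHostName=ConsoleHost\n\tHostVersion={host_version}\n"
               f"\tEngineVersion={engine_version}\n")
    return {"EventID": event_id, "Host": host, "Message": message}

SAMPLE_EVENTS = [
    engine_event("ws01", "5.1.19041.1", "5.1.19041.1"),        # normal 5.1 session
    engine_event("ws02", "5.1.19041.1", "2.0"),                # modern host, v2 engine
    engine_event("ws02", "5.1.19041.1", "2.0", event_id=403),  # engine stop, not a start
    engine_event("srv03", "2.0", "2.0"),                       # legacy host and engine match
]

VERSION_RE = re.compile(r"\b(HostVersion|EngineVersion)=(\S+)")

def parse_versions(message):
    """Pull the HostVersion/EngineVersion fields out of an Event 400 message body."""
    return dict(VERSION_RE.findall(message))

def major(version):
    return int(version.split(".")[0])

def is_downgrade(event):
    """True when a PowerShell 3+ host started the legacy 2.0 engine.

    That pairing is the signature of a downgrade: script block logging, AMSI
    and constrained language mode do not apply to the v2 engine, so activity
    run through it is invisible to those controls.
    """
    if event.get("EventID") != 400:
        return False
    versions = parse_versions(event["Message"])
    if "HostVersion" not in versions or "EngineVersion" not in versions:
        return False
    return major(versions["EngineVersion"]) < 3 <= major(versions["HostVersion"])

def find_downgrades(events):
    """Return the hosts on which an engine downgrade was observed."""
    return [e["Host"] for e in events if is_downgrade(e)]

if __name__ == "__main__":
    print(find_downgrades(SAMPLE_EVENTS))  # ['ws02']
```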

“By compromising internal servers and valid accounts, the threat actors can perform lateral movement within the victim’s network and carry out their malicious activities covertly,” Trend Micro wrote in an advisory published on Wednesday. 

The group’s toolkit comprises a range of tools, including the heavily obfuscated HTTP backdoor Zingdoor, an information stealer called TrillClient, and HemiGate, another backdoor executed via DLL sideloading.


“The use of Zingdoor as part of the routine to ensure that the backdoor cannot be unpacked easily drives additional challenges for analysts and security teams to make it more difficult to analyze,” Trend Micro explained.

To mask its activities, Earth Estries uses various domains for its command-and-control (C2) infrastructure and often hides behind content delivery networks (CDNs) to obscure its IP addresses.

While their primary targets are government and tech organizations, the group’s operations have broader implications, as evidenced by network traffic to Canadian C2 servers and toolset detections in India and Singapore. Additionally, similarities with the FamousSparrow group suggest a possible connection.

“Earth Estries is just another in a long line of advanced espionage groups. They appear to fully understand the network defenses and utilize living off the land (LOL) of their targets in order to go undetected,” commented David Mitchell, chief technical officer at HYAS.

“These techniques highlight the critical need to tie together endpoint and network telemetry to provide a more 360-degree view of what is happening on your infrastructure – advanced attackers know that most enterprises are blind to lateral network movement and are capitalizing on it.”
