Security News > 2023 > August > Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents

A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit activities," Trend Micro researchers Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, and Gilbert Sison said.

Active since at least 2020, Earth Estries is said to share tactical overlaps with another nation-state group tracked as FamousSparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange Server to penetrate hospitality, government, engineering, and legal sectors.

The adversary has been observed employing an arsenal of backdoors and hacking tools, including backdoors, browser data stealers, and port scanners to enhance data collection.

Further lending legitimacy to the adversary's espionage motives is its proclivity towards regularly cleaning and redeploying its backdoors on the infected host in an attempt to reduce the risk of exposure and detection.

"Earth Estries relies heavily on DLL side-loading to load various tools within its arsenal," the researchers said.

A majority of the command-and-control servers are located in the U.S., India, Australia, Canada, China, Japan, Finland, South Africa, and the U.K. "By compromising internal servers and valid accounts, the threat actors can perform lateral movement within the victim's network and carry out their malicious activities covertly," the researchers said.

News URL

https://thehackernews.com/2023/08/earth-estries-espionage-campaign.html