Security News > 2024 > March > Chinese Earth Krahang hackers breach 70 orgs in 23 countries
A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.
Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.
Earth Krahang abuses its presence on breached government infrastructure to attack other governments, builds VPN servers on compromised systems, and performs brute-forcing to crack passwords for valuable email accounts.
Once inside the network, Earth Krahang uses the compromised infrastructure to host malicious payloads, proxy attack traffic, and use hacked government email accounts to target its colleagues or other governments with spear-phishing emails.
Trend Micro says it initially found ties between Earth Krahang and the China-nexus actor Earth Lusca, based on command and control overlaps, but determined that this is a separate cluster.
Hackers impersonate U.S. government agencies in BEC attacks.
News URL
Related news
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Orange Group confirms breach after hacker leaks company documents (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- Belgium probes if Chinese hackers breached its intelligence service (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)