Security News > 2024 > March > Chinese Earth Krahang hackers breach 70 orgs in 23 countries
A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.
Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.
Earth Krahang abuses its presence on breached government infrastructure to attack other governments, builds VPN servers on compromised systems, and performs brute-forcing to crack passwords for valuable email accounts.
Once inside the network, Earth Krahang uses the compromised infrastructure to host malicious payloads, proxy attack traffic, and use hacked government email accounts to target its colleagues or other governments with spear-phishing emails.
Trend Micro says it initially found ties between Earth Krahang and the China-nexus actor Earth Lusca, based on command and control overlaps, but determined that this is a separate cluster.
Hackers impersonate U.S. government agencies in BEC attacks.
News URL
Related news
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- U.S. org suffered four month intrusion by Chinese hackers (source)
- Chinese hackers use Visual Studio Code tunnels for remote access (source)