Chinese Earth Krahang hackers breach 70 orgs in 23 countries

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.
Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.
Earth Krahang abuses its presence on breached government infrastructure to attack other governments, builds VPN servers on compromised systems, and performs brute-forcing to crack passwords for valuable email accounts.
Once inside the network, Earth Krahang uses the compromised infrastructure to host malicious payloads and proxy attack traffic, and uses hacked government email accounts to target the victims' colleagues or other governments with spear-phishing emails.
Trend Micro says it initially found ties between Earth Krahang and the China-nexus actor Earth Lusca, based on command and control overlaps, but determined that this is a separate cluster.