Security News > 2024 > March > Chinese Earth Krahang hackers breach 70 orgs in 23 countries
A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.
Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.
Earth Krahang abuses its presence on breached government infrastructure to attack other governments, builds VPN servers on compromised systems, and performs brute-forcing to crack passwords for valuable email accounts.
Once inside the network, Earth Krahang uses the compromised infrastructure to host malicious payloads, proxy attack traffic, and use hacked government email accounts to target its colleagues or other governments with spear-phishing emails.
Trend Micro says it initially found ties between Earth Krahang and the China-nexus actor Earth Lusca, based on command and control overlaps, but determined that this is a separate cluster.
Hackers impersonate U.S. government agencies in BEC attacks.
News URL
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Finland confirms APT31 hackers behind 2021 parliament breach (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Hacker claims Giant Tiger data breach, leaks 2.8M records online (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)