Security News > 2024 > March > Beijing-backed cyberspies attacked 70+ orgs across 23 countries

Chinese cyberspies have compromised at least 70 organizations, mostly government entities, and targeted more than 116 victims across the globe, according to security researchers.

"One of the threat actor's favorite tactics involves using its malicious access to government infrastructure to attack other government entities, abusing the infrastructure to host malicious payloads, proxy attack traffic, and send spear-phishing emails to government-related targets using compromised government email accounts," Joseph Chen and Daniel Lunghi said in research published on Monday.

While government organizations seem to be the gang's primary focus - the security shop says it found at least 48 compromised government entities with another 49 being targeted - it also goes after education, telecommunications and other sectors.

Earth Krahang typically steals hundreds of email addresses from its victims, and then uses the compromised accounts to phish other government targets.

"In one case, the actor used a compromised mailbox from a government entity to send a malicious attachment to 796 email addresses belonging to the same entity," Chen and Lunghi wrote.

Considering the gang's preference for high-value targets, and their use of compromised government infrastructure for espionage purposes, Trend recommends organizations train their employees on how to avoid phishing and other social engineering attacks.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/19/china_cyberspies_earth_krahang/