At a glance.
- Earth Krahang targets government entities around the world.
- Former telecommunications company manager pleads guilty to SIM swapping.
- An analysis of the Smoke Loader malware.
Earth Krahang targets government entities around the world.
Researchers at Trend Micro are tracking a cyberespionage campaign by a China-nexus threat actor they've dubbed "Earth Krahang." The campaign has breached seventy government organizations in twenty-three different countries, with a strong focus on Southeast Asia. In total, the group has targeted one hundred sixteen government entities across forty-five countries. Trend Micro states, "[I]n the case of one country, we found that the threat actor compromised a diverse range of organizations belonging to 11 different government ministries. We found that at least 48 government organizations were compromised, with a further 49 other government entities being targeted. Foreign Affairs ministries and departments were a top target, compromising 10 such organizations and targeting five others."
To a lesser extent, the group also targets the education sector and the telecommunications industry.
The researchers believe Earth Krahang may be tied to Chinese government contractor I-Soon, which recently sustained a major data breach that exposed its operations. Trend Micro previously linked the company to a separate China-nexus threat actor dubbed "Earth Lusca." The researchers note, "Using this leaked information, we found that the company organized their penetration team into two different subgroups. This could be the possible reason why we saw two independent clusters of activities active in the wild but with limited association. Earth Krahang could be another penetration team under the same company."