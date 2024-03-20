A China-backed hacker group called Earth Krahang targeted more than 116 organizations and successfully breached at least 48 government organizations

A China-backed hacker group called Earth Krahang targeted more than 116 organizations and successfully breached at least 48 government organizations It is believed to be a part of Earth Lusca – a penetration team in the Chinese company i-Soon which is reportedly a state-backed hacking contractor

It is believed to be a part of Earth Lusca – a penetration team in the Chinese company i-Soon which is reportedly a state-backed hacking contractor The attack started in early 2022 and has mostly affected organizations from America and Asia

A China-backed threat actor has reportedly targeted more than 116 organizations and breached more than 70 in 23+ countries. Out of this, 48 government organizations have been compromised, 10 of which are of Foreign Affairs Ministries.

Other victims include government entities from the following sectors:

Finance

Finance Health

Health Military

Military Manufacturing

Manufacturing Education

Education Telecommunication sectors

Most of the breached sites belong to Asia and America but a small percentage of organizations from Europe and Africa have also made it to the list.

Researchers from Trend Micro said that the attack started sometime in early 2022 and has been primarily focused on government organizations since then.

The group behind the attack has been identified as “Earth Krahang” and is said to be a part of Earth Lusca which is a penetration team in a Chinese company called i-Soon.

Trend Micro said they came to this conclusion based on command and control (C2) overlaps. However, more research is needed to accurately establish the connection between these three parties.

How Did the Attack Happen?

The attack technique wasn’t very sophisticated. Here’s a step-wise breakdown of how the attack was carried out.