Cybercriminals operate on four continents at once, which indicates their global ambitions.
A group of hackers under the pseudonym Earth Estries is behind a new large-scale cyber espionage campaign targeting government agencies and technology companies in the Philippines, Taiwan, Malaysia, South Africa, Germany and the United States.
According to researchers at Trend Micro, hackers from Earth Estries operate with significant resources and have extensive experience in the field of cyber espionage. The group has been active since at least 2020. Its tactics overlap with another group called FamousSparrow, first discovered by ESET in 2021.
FamousSparrow exploited ProxyLogon vulnerabilities in Microsoft Exchange to hack organizations in the hospitality, government, engineering, and legal industries.
According to experts, FamousSparrow and Earth Estries also share common features with the UNC4841 group responsible for exploiting the recently discovered 0-day vulnerability in Barracuda ESG solutions.
Hackers use Cobalt Strike to gain a foothold in compromised systems, then quickly deploy additional malware to extend their control. Their arsenal includes various backdoors and data collection tools, including Zingdoor, TrillClient, and HemiGate.
To avoid detection, attackers regularly clean up and re-deploy their backdoors on infected hosts. They also use DLL Sideloading and PowerShell downgrade attacks to bypass detection mechanisms.
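The PowerShell downgrade mentioned above works by forcing powershell.exe to load the legacy 2.0 engine, which predates script block logging and AMSI. Defenders usually catch it from two places: the Windows PowerShell operational log (event ID 400, whose message carries HostVersion and EngineVersion) and process-creation command lines that request version 2. The following detector is an added example written for this page, not code from the article or from Trend Micro; the log records it consumes are constructed, simplified key=value renderings of those events rather than real telemetry.

```python
"""Flag PowerShell 2.0 downgrade attempts in constructed sample telemetry.

Two signals are checked:
  1. Event ID 400 (engine lifecycle) where EngineVersion is 2.x but the
     host (powershell.exe) is a newer version: a deliberate downgrade.
  2. Process command lines passing -Version 2 (or any PowerShell-accepted
     prefix of the parameter name, e.g. -v, -ver) to powershell.exe.
"""
import re

# Constructed sample records (not real logs): simplified key=value rendering
# of Windows PowerShell event log entries.
SAMPLE_ENGINE_EVENTS = [
    "EventID=400 HostName=ConsoleHost HostVersion=5.1.19041.1 EngineVersion=5.1.19041.1",
    "EventID=400 HostName=ConsoleHost HostVersion=5.1.19041.1 EngineVersion=2.0",
    "EventID=403 HostName=ConsoleHost HostVersion=5.1.19041.1 EngineVersion=2.0",
]

# Constructed sample process-creation command lines (e.g. from Sysmon event 1
# or Security event 4688).
SAMPLE_PROCESS_CMDLINES = [
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -File C:\scripts\inventory.ps1",
    r"powershell.exe -version 2 -NoProfile -Command Get-Process",
    r"powershell -v 2.0 -ExecutionPolicy Bypass -File run.ps1",
    r"pwsh.exe -Version 7",
]

_FIELD_RE = re.compile(r"(\w+)=(\S+)")

# powershell.exe accepts any unambiguous prefix of -Version, so match them all.
# A trailing ".0" is optional; a following space or end-of-line avoids matching
# "-version 20" or similar.
_VERSION_FLAG_RE = re.compile(
    r"(?i)(?:^|\s)-(?:v|ve|ver|vers|versi|versio|version)\s+2(?:\.0)?(?=\s|$)"
)


def parse_kv(line: str) -> dict:
    """Turn 'Key=Value Key2=Value2' into a dict."""
    return dict(_FIELD_RE.findall(line))


def engine_downgrade(line: str) -> bool:
    """True when an event 400 shows a 2.x engine hosted by a non-2.x host."""
    fields = parse_kv(line)
    if fields.get("EventID") != "400":
        return False
    engine = fields.get("EngineVersion", "")
    host = fields.get("HostVersion", "")
    return engine.startswith("2.") and not host.startswith("2.")


def cmdline_downgrade(cmdline: str) -> bool:
    """True when a Windows PowerShell command line explicitly requests version 2."""
    tokens = cmdline.split()
    exe = tokens[0].lower() if tokens else ""
    if "pwsh" in exe:
        # PowerShell 7 cannot load the 2.0 engine; its -Version only prints a version.
        return False
    return bool(_VERSION_FLAG_RE.search(cmdline))


def scan(engine_events, cmdlines) -> list:
    """Return (rule_name, record) pairs for every record that matches a rule."""
    findings = []
    for line in engine_events:
        if engine_downgrade(line):
            findings.append(("engine_v2_loaded", line))
    for cmd in cmdlines:
        if cmdline_downgrade(cmd):
            findings.append(("version_2_flag", cmd))
    return findings


if __name__ == "__main__":
    for rule, record in scan(SAMPLE_ENGINE_EVENTS, SAMPLE_PROCESS_CMDLINES):
        print(f"[{rule}] {record}")
```

Running the module on the embedded samples reports the one event 400 with a 2.0 engine under a 5.1 host and the two command lines that request version 2; the `-Version 7` pwsh line and the event 403 record are ignored. In production the same logic applies to the message field of event 400 and to Sysmon or 4688 command lines, and a positive match is also a cue to confirm that the .NET Framework 3.5 feature, which the 2.0 engine requires, is not needlessly installed.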
Hackers abuse public services such as GitHub, Gmail, Google Play, and File.io to transmit commands and stolen data. Most of their management servers are located in the United States, India, Australia, Canada, and other countries.
By compromising internal servers, attackers are able to move unnoticed within the victim's network and conduct malicious activities. The combination of social engineering with technical techniques such as PowerShell downgrade attacks allows them to operate as covertly as possible.