ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Earth Krahang

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Earth Krahang

NamesEarth Krahang (Trend Micro)
CountryChina China
MotivationInformation theft and espionage
First seen2022
Description(Trend Micro) Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa. The threat actor exploits public-facing servers and sends spear phishing emails to deliver previously unseen backdoors.

Our research allowed us to identify the campaign’s multiple connections with a China-nexus threat actor we track as Earth Lusca. However, since the campaign employs independent infrastructure and unique backdoors, we believe it to be a separate intrusion set that we named Earth Krahang.
ObservedSectors: Defense, Education, Financial, Government, Healthcare, Hospitality, IT, Manufacturing, Media, NGOs, Retail, Shipping and Logistics, Telecommunications.
Countries: Argentina, Bangladesh, Bolivia, Brazil, Cambodia, Ecuador, Egypt, Hungary, India, Indonesia, Israel, Jordan, Kazakhstan, Kyrgyzstan, Laos, Malaysia, Mexico, Morocco, Myanmar, Nigeria, Oman, Pakistan, Peru, Romania, Rwanda, Saudi Arabia, South Africa, South Korea, Sri Lanka, Tajikistan, Thailand, Turkey, UAE, UK, USA, Uzbekistan, Vietnam.
Tools usedCobalt Strike, DinodasRAT, PlugX, Reshell, ShadowPad Winnti.
Information<https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html>

Last change to this card: 22 April 2024

Download this actor card in PDF or JSON format

Previous: Earth Berberoka
Next: Earth Lusca

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]