Indo Guard Online

Global Security
China-backed Earth Baku expands cyber attacks to Europe, Middle East and Africa

By Admin, August 14, 2024

[Image: China-Backed Earth Baku]

August 14, 2024, Ravi Lakshmanan, Threat Intelligence / Cyber Attack

The China-backed threat actor known as Earth Baku has expanded its targeting footprint beyond the Indo-Pacific to include Europe, the Middle East and Africa since late 2022.

Newly targeted countries include Italy, Germany, the UAE and Qatar, with suspected attacks also detected in Georgia and Romania. Government, media and communications, telecommunications, technology, healthcare and education are among the sectors targeted in this series of intrusions.

“The group has updated its tools, tactics and procedures (TTP) in recent campaigns by using public applications such as IIS servers as entry points for attacks, after which they deploy sophisticated malware toolkits in the victim’s environment,” Trend Micro researchers Ted Lee and Theo Chen said in an analysis published last week.


The findings build on recent reports from Zscaler and Google-owned Mandiant, which also detail the threat actor's use of malware families such as DodgeBox (aka DUSTPAN) and MoonWalk (aka DUSTTRAP). Trend Micro tracks them under the names StealthReacher and SneakCross.

Earth Baku, a threat actor linked to APT41, has been observed using StealthVector since at least October 2020. Its attack chains exploit public-facing applications to drop the Godzilla web shell, which is then used to deliver follow-on payloads.


StealthReacher is assessed to be an improved version of the StealthVector backdoor loader and is responsible for launching SneakCross, a modular implant and likely successor to ScrambleCross, which uses Google services for command-and-control (C2) communication.

The attacks are also characterized by the use of other post-exploitation tools such as iox, Rakshasa, and a virtual private network (VPN) service known as Tailscale. Exfiltration of sensitive data to MEGA cloud storage is carried out with a command-line utility called MEGAcmd.


“The group used new bootloaders such as StealthVector and StealthReacher to stealthily launch backdoor components, and added SneakCross as the final modular backdoor,” the researchers said.

“Earth Baku also used several tools during its post-exploitation, including iox’s custom tool, Rakshasa, TailScale for preservation, and MEGAcmd for efficient data theft.”
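The tooling named above (a web shell dropped through a public-facing IIS server, Tailscale for persistence, MEGAcmd for exfiltration) leaves a recognisable footprint in process-creation telemetry. The following triage script is an added example written for this page; it is not code from Trend Micro or from the researchers, and the log format, the sample events and the binary names it matches on (w3wp.exe, tailscale.exe, MEGAclient.exe, mega-put) are assumptions chosen for illustration rather than indicators taken from the report.

```python
"""Triage constructed process-creation events for the post-exploitation
footprint the article describes: an IIS worker process spawning a shell
(web shell activity), an unexpected Tailscale client, and MEGAcmd usage.
Added example, not the researchers' code; log format and binary names are
assumptions."""
import re
from dataclasses import dataclass

# Constructed sample events (not real telemetry). Assumed format:
# "<parent image> | <child image> | <command line>".
SAMPLE_EVENTS = [
    r"C:\Windows\System32\inetsrv\w3wp.exe | C:\Windows\System32\cmd.exe | cmd.exe /c whoami",
    r"C:\Windows\System32\inetsrv\w3wp.exe | C:\Windows\System32\inetsrv\w3wp.exe | w3wp.exe -ap DefaultAppPool",
    r"C:\Windows\explorer.exe | C:\Program Files\Tailscale\tailscale.exe | tailscale.exe up --authkey=<placeholder>",
    r"C:\Windows\System32\cmd.exe | C:\Users\svc\AppData\Local\MEGAcmd\MEGAclient.exe | MEGAclient.exe put C:\finance\export.zip /backup",
    r"C:\Windows\explorer.exe | C:\Windows\System32\notepad.exe | notepad.exe report.txt",
]


@dataclass(frozen=True)
class Finding:
    rule: str
    event: str


# Shells an IIS worker process has no legitimate reason to spawn; a classic
# web shell tell regardless of which web shell family is in use.
WEB_SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# Assumed binary names for the tools the article names.
TAILSCALE_RE = re.compile(r"tailscaled?(\.exe)?$", re.IGNORECASE)
MEGACMD_RE = re.compile(r"(megacmd|megaclient|mega-put|mega-login)", re.IGNORECASE)


def basename(path: str) -> str:
    """Return the file name of a Windows or POSIX path."""
    return re.split(r"[\\/]", path.strip())[-1]


def parse_event(line: str):
    """Split one assumed-format event into (parent, child, command line)."""
    parent, child, cmdline = (part.strip() for part in line.split(" | ", 2))
    return parent, child, cmdline


def triage(events):
    """Return one Finding per rule that fires on each event."""
    findings = []
    for line in events:
        parent, child, cmdline = parse_event(line)
        parent_name = basename(parent).lower()
        child_name = basename(child).lower()
        if parent_name == "w3wp.exe" and child_name in WEB_SHELL_CHILDREN:
            findings.append(Finding("iis_webshell_child_process", line))
        if TAILSCALE_RE.search(child_name):
            findings.append(Finding("unexpected_tailscale_client", line))
        if MEGACMD_RE.search(child_name) or MEGACMD_RE.search(cmdline):
            findings.append(Finding("megacmd_exfil_tooling", line))
    return findings


def rule_counts(events):
    """Summarise how many events each rule matched."""
    counts = {}
    for finding in triage(events):
        counts[finding.rule] = counts.get(finding.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"[{finding.rule}] {finding.event}")
```

The parent/child rule is the most durable of the three: the article names Godzilla, but any web shell executing commands through IIS produces the same w3wp.exe-to-shell lineage, so the rule does not depend on recognising a particular implant. The Tailscale and MEGAcmd rules are allow-list questions in practice; both tools are legitimate software, so a match is a prompt to check whether the host and account are approved to run them, not a verdict on its own.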
