Uncovering Earth Krahang's Operation Targeting Global Government Entities
Since early 2022, we have been monitoring an APT campaign targeting several government entities worldwide, with a strong focus in Southeast Asia, but we have also seen targets in Europe, America, or Africa. Our research allowed us to identify multiple connections with China-nexus threat actors Earth Lusca and Luoyu. Despite this campaign still has an independent infrastructure and employed unique backdoors. We managed to retrieve multiple files from the threat actor's servers, including samples, configuration files and log files from their attack tools. By combining this data with our telemetry, we have gained a better understanding of their operation and build a clear view of Earth Krahang’s victimology and interests. In this presentation, we are going to disclose the details of their latest operations.
TOPIC / TRACK
Threat Research Forum
LOCATION
Taipei Nangang Exhibition Center, Hall 2
4F 4B
LEVEL
Intermediate Intermediate sessions focus on cybersecurity architecture, tools, and practical applications, ideal for professionals with a basic understanding of cybersecurity.
SESSION TYPE
Breakout Session
LANGUAGE
Chinese
SUBTOPIC
Threat Intelligence
APT
Chinese Cyber Warrior
CYBERSEC 2024 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy 。