CyberSecurity updates
Updated: 2024-10-15 17:03:53 Pacfic

Flag This

malware.news

Earth Baxia APT: Chinese-Linked Hacktivist Group Exploiting GeoServer Vulnerability to Target APAC Governments - 4d


Read more: malware.news

The Earth Baxia APT group, believed to have ties to China, has been engaged in a targeted campaign against government entities and critical infrastructure in the Asia-Pacific (APAC) region. They have been exploiting a critical vulnerability in GeoServer, a popular open-source geospatial web server, to gain initial access. Once inside, attackers deploy custom Cobalt Strike payloads, including a new backdoor named EAGLEDOOR. This campaign raises concerns about the potential for disruption of essential services and demonstrates the growing sophistication of APAC-focused threat actors.

References:

  • contagiodump.blogspot.com - Earth Baxia samples - 25d
  • @VirusBulletin - Trend Micro researchers describe how Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific region using spear-phishing emails and the GeoServer vulnerability CVE-2024-3640. - 25d
  • malware.news - 2024-09-18 Earth Baxia APT - RIPCOY + SWORDLDR Samples (Spear-Phishing and GeoServer Exploit used to Target APAC) - 25d
  • www.trendmicro.com - Earth Baxia spear phishing and GeoServer exploit - 25d
  • sra.io - SRA link referencing the Earth Baxia campaign - 24d
  • securityaffairs.com - Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. - 22d

Classification:

  • HashTags: #APT #GeoServer #China
  • Target: APAC Governments
  • Attacker: Earth Baxia
  • Product: GeoServer
  • Type: Hack
  • Severity: Major






This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts here if you have feedback. You can also find Flathis at Mastodon.