CyberSecurity news
Lenart Bermejo@feeds.feedburner.com
Earth Alux, a China-linked advanced persistent threat (APT) group, has been identified launching cyberespionage attacks aimed at critical industries. Since the second quarter of 2023, this group has been targeting organizations in the Asia-Pacific (APAC) and Latin American regions, with a focus on sectors including government, technology, logistics, manufacturing, telecommunications, IT services, and retail. Trend Micro's monitoring and investigation efforts have uncovered the group's stealthy activities and advanced techniques, highlighting the significant risk it poses to sensitive data and operational continuity.
Earth Alux primarily employs the VARGEIT malware as its main backdoor and control tool. VARGEIT is utilized at multiple stages of an attack to maintain persistence, collect data, and execute malicious operations. The malware operates as a multi-channel configurable backdoor with capabilities such as drive information collection, process monitoring, file manipulation, and command line execution. It can also inject additional tools into processes like mspaint.exe for fileless operations, making detection challenging. The group uses sophisticated techniques, including DLL sideloading, timestomping, and encrypted communication channels, to ensure stealth and evade conventional security systems.
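Three of the tradecraft items named above (injection into mspaint.exe, DLL sideloading, timestomping) leave telemetry that a SOC can hunt for. The following is an added detection example written for this page; it is not code from Trend Micro, from the reporting cited below, or from VARGEIT itself. It runs simple heuristics over constructed Sysmon-style events whose keys mirror Sysmon Event IDs 2 (FileCreateTime changed), 7 (ImageLoaded) and 8 (CreateRemoteThread). The sample events, file paths, DLL-name list and backdating threshold are assumptions chosen for illustration, not indicators from the report.

```python
"""Added detection example (not code from the Trend Micro report or from
VARGEIT itself): heuristics over constructed Sysmon-style events for three
tradecraft items the text names: injection into mspaint.exe, DLL sideloading,
and timestomping. Events are plain dicts whose keys mirror Sysmon Event IDs
2, 7 and 8; the thresholds and name lists are assumptions for illustration."""
from datetime import datetime, timedelta

TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumption: DLL names that legitimately live in System32; the same name loaded
# from an application directory is the classic search-order sideloading pattern.
SYSTEM_DLL_NAMES = {"version.dll", "dwmapi.dll", "cryptbase.dll", "userenv.dll"}
# Assumption: signed host binaries that should not normally receive remote threads.
INJECTION_TARGETS = {"mspaint.exe"}
# Assumption: a creation time moved back by more than this counts as backdating.
BACKDATE_THRESHOLD = timedelta(days=30)


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def check_remote_thread(ev):
    """Sysmon ID 8 (CreateRemoteThread): a thread created in a known injection
    host by a different process."""
    if ev.get("EventID") != 8:
        return None
    target, source = ev["TargetImage"], ev["SourceImage"]
    if _basename(target) in INJECTION_TARGETS and source.lower() != target.lower():
        return f"remote thread into {target} from {source}"
    return None


def check_sideload(ev):
    """Sysmon ID 7 (ImageLoaded): a System32 DLL name loaded unsigned from a
    non-system directory, typically the loading executable's own directory."""
    if ev.get("EventID") != 7:
        return None
    dll = ev["ImageLoaded"]
    if (_basename(dll) in SYSTEM_DLL_NAMES
            and not dll.lower().startswith(TRUSTED_DLL_DIRS)
            and ev.get("Signed", "false").lower() != "true"):
        return f"possible DLL sideload: {ev['Image']} loaded {dll}"
    return None


def check_timestomp(ev):
    """Sysmon ID 2 (FileCreateTime changed): creation time pushed back far
    enough that the file blends in with older neighbours."""
    if ev.get("EventID") != 2:
        return None
    new, old = _ts(ev["CreationUtcTime"]), _ts(ev["PreviousCreationUtcTime"])
    if old - new > BACKDATE_THRESHOLD:
        return f"timestomp: {ev['Image']} set {ev['TargetFilename']} creation to {new}"
    return None


CHECKS = (check_remote_thread, check_sideload, check_timestomp)


def scan(events):
    """Run every check over every event; return the list of alert strings."""
    alerts = []
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample events (not real telemetry); paths are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": "C:\\Users\\Public\\Libs\\update.exe",
     "TargetImage": "C:\\Windows\\System32\\mspaint.exe"},
    {"EventID": 7, "Image": "C:\\Users\\Public\\Libs\\vendorapp.exe",
     "ImageLoaded": "C:\\Users\\Public\\Libs\\version.dll", "Signed": "false"},
    {"EventID": 7, "Image": "C:\\Program Files\\App\\app.exe",
     "ImageLoaded": "C:\\Windows\\System32\\version.dll", "Signed": "true"},
    {"EventID": 2, "Image": "C:\\Users\\Public\\Libs\\update.exe",
     "TargetFilename": "C:\\Users\\Public\\Libs\\version.dll",
     "CreationUtcTime": "2019-03-18 22:40:12",
     "PreviousCreationUtcTime": "2024-09-02 09:15:41"},
    {"EventID": 2, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetFilename": "C:\\Users\\alice\\report.docx",
     "CreationUtcTime": "2024-09-02 09:15:40",
     "PreviousCreationUtcTime": "2024-09-02 09:15:41"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Running the block on the constructed events raises three alerts (the mspaint.exe remote thread, the unsigned version.dll loaded from a user-writable directory, and the creation time moved back by several years) and stays silent on the two benign events. The Sysmon ID 2 check is the cheapest of the three in practice, because timestomping is only useful to an intruder if the backdated time is far from the real one; a one-second adjustment, as in the last sample event, is ordinary application behaviour and should not alert.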
References :
- Cyber Security News: Earth Alux Hackers Deploy VARGIET Malware in Targeted Organizational Attacks
- Cyber Security News: The cybersecurity landscape has been disrupted by Earth Alux, a China-linked advanced persistent threat (APT) group actively conducting espionage operations since the second quarter of 2023. Initially targeting the Asia-Pacific region, the group expanded its operations to Latin America by mid-2024, primarily focusing on government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors in
- gbhackers.com: Earth Alux Hackers Use VARGIET Malware to Target Organizations
- Osint10x: The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data.
- www.trendmicro.com: The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data.
Classification:
- HashTags: #EarthAlux #Cyberespionage #VARGEIT
- Company: TrendMicro
- Target: APAC and Latin American regions
- Attacker: Earth Alux
- Product: VARGEIT
- Feature: VARGEIT backdoor
- Malware: VARGEIT
- Type: Espionage
- Severity: Major