
Unmasking Earth Estries: Network Looters

By Esme Greene

Sep 15, 2023

The hacking group known as Earth Estries has launched a broad cyber espionage campaign against government organizations and technology companies in a number of nations, including the US, Taiwan, Malaysia, the Philippines, South Africa, and Germany.

Earth Estries: Masters of Cyber Espionage and Malware

According to Trend Micro researchers, Earth Estries is well resourced and highly experienced in cyber espionage, and its operations date back to at least 2020. Notably, its tactics resemble those of another group, FamousSparrow, which ESET first documented in 2021.

FamousSparrow, which previously exploited the ProxyLogon vulnerabilities in Microsoft Exchange, targeted businesses across a range of industries, including the legal, government, engineering, and hospitality sectors.

According to the researchers, UNC4841, the group behind the exploitation of a recently discovered zero-day vulnerability in Barracuda ESG appliances, also shares similarities with FamousSparrow and Earth Estries.

The group relies on Cobalt Strike as a key tool for gaining initial access to compromised computers, which lets it quickly deploy additional malware and extend its control. Its toolkit includes a variety of backdoors and data collection tools, such as Zingdoor, TrillClient, and HemiGate.

The attackers systematically remove and reinstall their backdoors on affected machines in order to avoid detection. To get past defensive controls, they deliberately use techniques such as DLL sideloading and PowerShell downgrade attacks.

The group relays commands and moves stolen data through public platforms such as GitHub, Gmail, and File.io. Most of its command-and-control servers are located in the US, India, Australia, Canada, and other countries.

The attackers move laterally through a victim's network by compromising internal systems and carrying out their malicious activity there. They keep a low profile and work quietly by combining technical and social engineering techniques, including PowerShell downgrade attacks.
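As an added defender's example (not code from the article or from Trend Micro), here is a small Python detector for the PowerShell downgrade technique mentioned above: it walks constructed Windows PowerShell engine-lifecycle records (Event ID 400, flattened here into key=value lines for illustration) and flags every start of the legacy 2.0 engine, which is the footprint a downgrade leaves because that engine lacks script block logging and AMSI inspection. The field names follow the real event; the timestamps, hosts and command lines are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample of Windows PowerShell log records, one per line, flattened
# into key=value form. Field names (EventID, EngineVersion, HostApplication)
# follow the real "Engine state is changed" event; the values are made up.
SAMPLE_EVENTS = [
    "2023-09-01T10:01:12 EventID=400 EngineVersion=5.1.19041.3031 HostName=ConsoleHost "
    "HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "2023-09-01T10:02:45 EventID=400 EngineVersion=2.0 HostName=ConsoleHost "
    "HostApplication=powershell.exe -version 2 -NoProfile -ExecutionPolicy Bypass",
    "2023-09-01T10:03:02 EventID=403 EngineVersion=2.0 HostName=ConsoleHost "
    "HostApplication=powershell.exe -version 2 -NoProfile -ExecutionPolicy Bypass",
    "2023-09-01T10:04:30 EventID=400 EngineVersion=5.1.19041.3031 HostName=Windows PowerShell ISE Host "
    "HostApplication=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe",
]

# key=value pairs; a value runs until the next " key=" token or end of line,
# so values containing spaces (host names, command lines) survive intact.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# Explicit request for the legacy engine on the command line: -v 2, -version 2.0 ...
VERSION_SWITCH_RE = re.compile(r"(?i)\s-v(?:ersion)?\s+2(?:\.0)?\b")

@dataclass
class Finding:
    timestamp: str
    engine_version: str
    host_application: str
    explicit_switch: bool  # True when the v2 engine was requested on the command line

def parse_event(line):
    """Split one flattened record into a dict of its fields plus the timestamp."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["timestamp"] = timestamp
    return fields

def find_powershell_downgrades(lines):
    """Return one Finding per start (EventID 400) of a 2.x PowerShell engine.
    Engine-stop events (403) carry the same version and are skipped to avoid
    counting the same session twice."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        version = ev.get("EngineVersion", "")
        if ev.get("EventID") != "400" or not version.startswith("2."):
            continue
        host_app = ev.get("HostApplication", "")
        findings.append(Finding(ev["timestamp"], version, host_app,
                                bool(VERSION_SWITCH_RE.search(host_app))))
    return findings
```

On a real host the same logic applies to the Windows PowerShell log read with Get-WinEvent, and a 2.0 engine start on a system where nobody needs legacy scripts is worth an alert.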
