A hacker group tracked as Earth Estries has started a broad cyber espionage operation targeting government organizations and technology companies in a number of nations, including the US, Taiwan, Malaysia, the Philippines, South Africa, and Germany.
Earth Estries: Masters of Cyber Espionage and Malware
According to Trend Micro researchers, the Earth Estries hackers have extensive financial resources and deep cyber espionage expertise, and their operations date back at least to 2020. Notably, their tactics resemble those of another group called FamousSparrow, which ESET first documented in 2021.
FamousSparrow, which was previously known for exploiting Microsoft Exchange's ProxyLogon flaws, targeted businesses across a range of industries, including the legal, government, engineering, and hospitality sectors.
The UNC4841 gang, which was responsible for exploiting a recently discovered zero-day vulnerability in Barracuda ESG appliances, also shares similarities with FamousSparrow and Earth Estries, according to the researchers.
The hackers use Cobalt Strike as a key tool to gain initial access to infected computers, which lets them quickly deploy additional malware to extend their control. Their toolbox contains a variety of backdoors and data collection tools, such as Zingdoor, TrillClient, and HemiGate.
To avoid detection, the attackers systematically remove and reinstall their backdoors on affected machines. To get past detection mechanisms, they deliberately use techniques such as DLL sideloading and PowerShell downgrade attacks.
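The PowerShell downgrade technique mentioned above works by forcing the legacy v2 engine to load, which sits outside the script-block logging and AMSI coverage of PowerShell 5. The following detection script is an added example written for this article, not code from Trend Micro or the original report. It runs over constructed Sysmon-style process-creation lines and Windows PowerShell event 400 lines (both embedded inline as sample data) and flags two indicators: a `powershell.exe` launch that passes `-Version 2` (or any accepted abbreviation of the switch), and an engine-started event where `EngineVersion` is 2.x while `HostVersion` is a modern host. The log field layout is an assumption for the example; adapt the key names to whatever your SIEM emits.

```python
"""Detect PowerShell engine downgrade attempts in constructed log lines.

Indicators covered:
 1. Process creation (Sysmon event 1 / Security 4688 style): powershell.exe
    launched with -Version 2 (PowerShell accepts any unambiguous prefix of
    the switch, so -v 2, -ve 2, -ver 2 ... must all be caught).
 2. Windows PowerShell log event 400 ("Engine state is changed from None to
    Available"): EngineVersion=2.x loaded by a 5.x host. A v2 engine started
    by a v2 host (legacy Windows 7 default) is not flagged, to limit noise.
"""
import re
from dataclasses import dataclass

# -Version and every unambiguous abbreviation down to -v, followed by 2 or 2.0,
# optionally quoted. Case-insensitive because PowerShell switches are.
VERSION_SWITCH = re.compile(
    r"(?:^|\s)-v(?:e(?:r(?:s(?:i(?:o(?:n)?)?)?)?)?)?\s+['\"]?2(?:\.0)?['\"]?(?=\s|$)",
    re.IGNORECASE,
)

# key=value pairs; quoted values may contain spaces.
KV = re.compile(r"(\w+)=(\"[^\"]*\"|\S+)")

# Constructed sample lines (assumed field layout, not real telemetry).
SAMPLE_LOGS = [
    'EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"',
    'EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell.exe -version 2 -NoProfile -WindowStyle Hidden -Command Get-Date"',
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe CommandLine="cmd.exe /c dir"',
    'EventID=400 EngineVersion=2.0 HostVersion=5.1.19041.1 HostApplication="powershell.exe -v 2"',
    'EventID=400 EngineVersion=5.1.19041.1 HostVersion=5.1.19041.1 HostApplication="powershell.exe"',
    'EventID=400 EngineVersion=2.0 HostVersion=2.0 HostApplication="powershell.exe"',
]


@dataclass
class Finding:
    line_no: int      # 1-based index into the input
    indicator: str    # which rule fired
    detail: str       # the evidence, for the analyst


def parse_fields(line):
    """Turn 'k=v k2="v with spaces"' into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def is_downgrade_launch(cmdline):
    """True when a PowerShell command line explicitly requests engine v2."""
    return "powershell" in cmdline.lower() and VERSION_SWITCH.search(cmdline) is not None


def is_engine_downgrade(fields):
    """True for an event 400 where a modern host loaded the v2 engine."""
    engine = fields.get("EngineVersion", "")
    host = fields.get("HostVersion", "")
    return engine.startswith("2.") and bool(host) and not host.startswith("2.")


def detect_downgrade(lines):
    """Return a Finding for every line matching either indicator."""
    findings = []
    for n, line in enumerate(lines, 1):
        fields = parse_fields(line)
        cmd = fields.get("CommandLine", "")
        if cmd and is_downgrade_launch(cmd):
            findings.append(Finding(n, "process_creation_v2_switch", cmd))
        elif fields.get("EventID") == "400" and is_engine_downgrade(fields):
            findings.append(Finding(
                n, "engine_400_v2_loaded",
                f"EngineVersion={fields['EngineVersion']} HostVersion={fields['HostVersion']}",
            ))
    return findings


if __name__ == "__main__":
    for f in detect_downgrade(SAMPLE_LOGS):
        print(f"line {f.line_no}: {f.indicator}: {f.detail}")
```

Both indicators are worth keeping: the command-line rule catches the attempt even when the v2 engine is not installed (the launch fails but still shows intent), while the event 400 rule catches cases where the switch was hidden behind a wrapper process. The durable mitigation is to remove the Windows PowerShell 2.0 optional feature so that there is no v2 engine to fall back to.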
The hackers move commands and stolen data through public platforms such as GitHub, Gmail, and File.io. The majority of their command-and-control servers are located in the US, India, Australia, Canada, and other countries.
The attackers move skillfully through a victim's network by compromising internal systems and carrying out malicious activity there. By combining technical tricks such as PowerShell downgrade attacks with social engineering, they manage to operate quietly and keep a low profile.