Custom Arsenal Developed to Target Multiple Industries

216.73.216.6

Custom Arsenal Developed to Target Multiple Industries

· Published 27/05/2025 10:35 · Modified 27/05/2025 13:56

Essential information

Published: 27/05/2025 10:35
Modified: 27/05/2025 13:56
Tags: 2025-05-27 CVE-2017-9805 CVE-2021-22205 CVE-2024-27198 CVE-2024-27199 CVE-2024-51378 CVE-2024-51567 CVE-2024-56145 CVE-2024-9047 CVE-2025-31324 apt backdoor brute ratel bypassboss china-nexus cobalt strike custom tools dll sideloading multi-industry targeting pulsepack sql injection vshell vulnerability exploitation
Related entities: 9 vulnerabilities (cve), 185 observables, 1 intrusion sets (apt), 8 techniques (mitre), 5 malware, 9 others

Description

Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.