Disruption of Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
Essential information
- Published
- 13/05/2025 18:41
- Modified
- 21/05/2025 19:31
- Tags
- 2025-05-13 clntend custom backdoor cxclnt drone industry fiber-based military sector screencap south korea supply chain attack taiwan tidrone campagin venfrpc venom campaign
- Related entities
- 29 observables, 19 techniques (mitre), 3 malware, 7 others
Description
Earth Ammit, a Chinese-linked threat actor, conducted two campaigns targeting drone supply chains in Taiwan and South Korea from 2023 to 2024. The VENOM campaign focused on software service providers using open-source tools, while TIDRONE targeted military industries with custom malware. Their tactics included supply chain attacks, credential theft, and cyberespionage. Victims spanned military, satellite, heavy industry, media, technology, and healthcare sectors. Earth Ammit's goal was to compromise trusted networks for downstream attacks. They employed evolving techniques like fiber-based evasion and custom backdoors CXCLNT and CLNTEND. The campaigns showed progression from broad, low-cost tools to tailored capabilities for sensitive targets.