Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
Essential information
- Published: 01/05/2025 20:46
- Modified: 01/05/2025 21:00
- Tags: 2025-05-01, apt, data exfiltration, krnrat, moriya, rootkit, simpoboxspy, tesdat
- Related entities: 58 observables, 1 intrusion set (APT), 11 techniques (MITRE), 2 others
Description
An APT group tracked as Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia, particularly in the Philippines, Vietnam, Thailand, and Malaysia. The campaign, with activity dating back to November 2020, relies on custom malware, kernel-level rootkits, and public cloud storage services as the exfiltration channel. Earth Kurma's toolset includes TESDAT, SIMPOBOXSPY, KRNRAT, and MORIYA, and the group adapts and swaps these tools over time while layering on evasion techniques. Its operators concentrate on lateral movement, persistence, and data collection, using a range of utilities to scan the victim's infrastructure and stage malware. The rootkits serve to hide implants and bypass host-based detection. The group's primary objective appears to be cyberespionage; the main risks to targets are compromise of sensitive data and prolonged, undetected access to their networks.