216.73.217.86

Spot the Difference: New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

· Published 19/11/2024 09:19 · Modified 19/11/2024 09:35

Export JSON

Essential information

Published
19/11/2024 09:19
Modified
19/11/2024 09:35
Tags
2024-11-19 CVE-2023-27997 CVE-2023-28461 CVE-2023-45727 apt backdoor china-nexus cobalt strike credential-theft lodeinfo mirrorstealer noopdoor
Related entities
7 vulnerabilities (cve), 7 observables, 1 intrusion sets (apt), 19 techniques (mitre), 4 malware, 8 others

Description

Earth Kasha, a threat group targeting Japan since 2019, has launched a new campaign with significant updates to their tactics and arsenals. The group has expanded its targets to include Taiwan and India, focusing on advanced technology organizations and government agencies. They now exploit public-facing applications like SSL-VPN and file storage services for initial access, using vulnerabilities in products such as Array AG, Proself, and FortiOS/FortiProxy. Earth Kasha deploys multiple backdoors including , , and the newly discovered . Their post-exploitation activities involve information theft, credential acquisition, and lateral movement. The group utilizes custom malware like for credential dumping and employs sophisticated techniques to evade detection. While similarities exist with other actors, Earth Kasha maintains distinct characteristics in its operations.

External references