Critical Infrastructure Security, Threat Intelligence

Expanded attacks by Earth Baku detailed

Share
Chinese cyber threat

Attacks by Chinese state-sponsored threat operation Earth Baku have expanded to healthcare, education, government, media, telecommunications, and technology organizations in Europe, the Middle East, and Africa since late 2022 after being initially targeted at the Indo-Pacific region, The Hacker News reports.

More recent intrusions by the APT41-linked threat group — which were confirmed to hit Italy, Qatar, and the United Arab Emirates and suspected to compromise Romania and Georgia — involved the targeting of internet information services and other public-facing apps to facilitate the distribution of advanced payloads, an analysis from Trend Micro revealed. After launching the updated StealthVector loader dubbed "StealthReacher" to deliver the modular SneakCross payload, Earth Baku proceeds with the distribution of the Rakshasa and iox tools, as well as the Tailscale VPN service for post-exploitation activities while enabling data exfiltration via the MEGAcmd command-line utility, reported Trend Micro researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds