Multi-industry attacks launched by Earth Lamia APT

Organizations in various sectors across Brazil, India, and Southeast Asia have been subjected to attacks by the China-linked advanced persistent threat operation Earth Lamia since 2023, reports GBHackers News.
After initially targeting financial services entities, Earth Lamia has since expanded its intrusions to compromise logistics and IT firms, as well as government agencies and universities, according to Trend Micro researchers. Its attacks were noted to have involved a plethora of customized tools, including the modular .NET-based backdoor PULSEPACK, which has since been improved with a WebSocket-based iteration, and the open-source privilege escalation tool BypassBoss, alongside sophisticated techniques such as DLL sideloading and in-memory payload execution via legitimate binaries. Earth Lamia has also prioritized vulnerable systems, exploiting flaws impacting SAP NetWeaver Visual Composer, GitLab, and Apache Struts2. Continuous improvements in Earth Lamia's attack arsenal should prompt proactive security monitoring and strengthened patching efforts, said Trend Micro.