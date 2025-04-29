Cloud Security, Threat Intelligence

Southeast Asia targeted by Earth Kurma APT attacks

(Adobe Stock)

The newly emergent advanced persistent threat group Earth Kurma has used rootkits and cloud-based data exfiltration tools in attacks on government and telecommunications organizations in Malaysia, Thailand, Vietnam, and the Philippines, as part of a campaign that commenced in June, according to The Hacker News.

According to a report from Trend Micro, after gaining initial access to a targeted network, Earth Kurma distributes the NBTSCAN, FRPC, Ladon, WMIHACKER, and ICMPinger tools for scanning and lateral movement, along with the KMLOG keylogger for credential gathering, before delivering the DMLOADER, DUNLOADER, and TESDAT loaders. Beyond deploying Cobalt Strike beacons, these loaders inject the Moriya and KRNRAT rootkits and stage the SIMPOBOXSPY and ODRIX tools, which upload stolen data as RAR archives to Dropbox and OneDrive, respectively. Researchers emphasized the group's highly adaptive nature: Earth Kurma reuses previously seen code bases and also leverages victims' own infrastructure in its attacks.
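One defensive check a SOC could run against the exfiltration pattern described above, as an added Python example that is not code from the report or from Trend Micro: it scans constructed proxy-log lines for RAR uploads, or large cumulative uploads, to Dropbox and OneDrive domains and reports the offending hosts. The log format, the domain list and the byte threshold are assumptions for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Cloud-storage domains to watch (assumed list for this example, not from the report).
CLOUD_STORAGE_SUFFIXES = ("dropbox.com", "dropboxapi.com", "onedrive.com", "live.com")
RAR_CONTENT_TYPES = {"application/x-rar-compressed", "application/vnd.rar"}
LARGE_UPLOAD_BYTES = 20 * 1024 * 1024  # per-host cumulative threshold; tune to the environment

# Assumed proxy log layout: timestamp host method url bytes_out content_type
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<bytes_out>\d+) (?P<ctype>\S+)$"
)

# Constructed sample log lines (hostnames, sizes and endpoints are made up for the example).
SAMPLE_PROXY_LOGS = """
2025-04-20T01:12:03Z ws-fin-07 POST https://content.dropboxapi.com/2/files/upload 52428800 application/octet-stream
2025-04-20T01:15:44Z ws-fin-07 POST https://content.dropboxapi.com/2/files/upload 48000000 application/octet-stream
2025-04-20T01:20:10Z ws-fin-07 PUT https://api.onedrive.com/v1.0/drive/root:/backup.rar:/content 61000000 application/x-rar-compressed
2025-04-20T09:03:11Z ws-hr-02 GET https://www.dropbox.com/home 512 text/html
2025-04-20T09:05:00Z ws-hr-02 POST https://content.dropboxapi.com/2/files/upload 120000 image/png
2025-04-20T22:41:37Z ws-ops-03 PUT https://api.onedrive.com/v1.0/drive/root:/q1.zip:/content 25000000 application/zip
""".strip()


def is_cloud_storage(url):
    """True if the URL's hostname is one of the watched domains or a subdomain of one."""
    netloc = urlparse(url).hostname or ""
    return any(netloc == s or netloc.endswith("." + s) for s in CLOUD_STORAGE_SUFFIXES)


def find_suspicious_uploads(log_text):
    """Return {host: {"bytes": total, "rar": bool, "events": n}} for hosts that upload
    RAR content to cloud storage, or whose cumulative uploads exceed LARGE_UPLOAD_BYTES."""
    per_host = defaultdict(lambda: {"bytes": 0, "rar": False, "events": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        # Only outbound uploads (POST/PUT) to watched domains are of interest.
        if not m or m["method"] not in ("POST", "PUT") or not is_cloud_storage(m["url"]):
            continue
        rec = per_host[m["host"]]
        rec["bytes"] += int(m["bytes_out"])
        rec["events"] += 1
        if m["ctype"] in RAR_CONTENT_TYPES or ".rar" in urlparse(m["url"]).path.lower():
            rec["rar"] = True
    return {h: r for h, r in per_host.items() if r["rar"] or r["bytes"] >= LARGE_UPLOAD_BYTES}


if __name__ == "__main__":
    for host, rec in find_suspicious_uploads(SAMPLE_PROXY_LOGS).items():
        print(f"{host}: {rec['events']} upload(s), {rec['bytes']} bytes, rar={rec['rar']}")
```

Large uploads of any archive type to personal cloud storage are the generic signal; the RAR content-type and path checks add the campaign-specific indicator on top of it.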
