Cyberespionage threat operation Earth Ammit, which is believed to be associated with Chinese-speaking hackers, has targeted Taiwanese and South Korean software service providers and military organizations as part of supply chain attack campaigns between 2023 and 2024, The Record reports.
Organizations in the drone supply chain were targeted in Earth Ammit's first attack wave, called "Venom", which involved the exploitation of open-source tools to easily conceal malicious activity, according to a Trend Micro analysis. Earth Ammit then set its sights on Taiwanese military and satellite organizations in its subsequent "Tidrone" campaign, which involved customized CLNTEND and CXCLNT backdoors that facilitated cyberespionage activities. The Venom and Tidrone campaigns have both been linked to Earth Ammit, not only because of their shared command-and-control infrastructure but also because they compromised the same organizations. Although its attack tactics are similar to those of the suspected Chinese state-sponsored threat operation Dalbit, Earth Ammit's real affiliation still requires more investigation, said researchers.