A Dive into Latest Campaign

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying sophisticated malware toolsets such as the Godzilla webshell, StealthVector, StealthReacher, and SneakCross. StealthVector and StealthReacher are customized loaders that stealthily launch backdoor components, while SneakCross is a modular backdoor utilizing Google services for command-and-control activities. During post-exploitation, Earth Baku employs tools like a customized iox tool, Rakshasa, and Tailscale for persistence, along with MEGAcmd for data exfiltration.

OPENCTI LABELS:

apt, backdoor, cobalt strike, espionage, loader, cybercrime, godzilla, stealthvector, stealthreacher, megacmd, sneakcross, tailscale, rakshasa
