
Custom Arsenal Developed to Target Multiple Industries

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. It has developed custom tools such as the PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time: initially financial services, then logistics and online retail, and most recently IT companies, universities, and government organizations. The group employs various techniques, including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.

OPENCTI LABELS:

apt,backdoor,cobalt strike,sql injection,cve-2024-27199,cve-2024-27198,cve-2017-9805,brute ratel,dll sideloading,vulnerability exploitation,cve-2021-22205,multi-industry targeting,china-nexus,vshell,cve-2025-31324,cve-2024-56145,cve-2024-51378,cve-2024-51567,pulsepack,bypassboss,cve-2024-9047,custom tools

