Disruption of Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan

SUMMARY :

Earth Ammit, a Chinese-linked threat actor, conducted two campaigns targeting drone supply chains in Taiwan and South Korea from 2023 to 2024. The VENOM campaign focused on software service providers using open-source tools, while TIDRONE targeted military industries with custom malware. Their tactics included supply chain attacks, credential theft, and cyberespionage. Victims spanned military, satellite, heavy industry, media, technology, and healthcare sectors. Earth Ammit's goal was to compromise trusted networks for downstream attacks. They employed evolving techniques like fiber-based evasion and custom backdoors CXCLNT and CLNTEND. The campaigns showed progression from broad, low-cost tools to tailored capabilities for sensitive targets.

OPENCTI LABELS :

supply chain attack,south korea,taiwan,drone industry,venom campaign,custom backdoor,screencap,fiber-based,clntend,venfrpc,cxclnt,tidrone campagin,military sector


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Disruption of Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan