Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Earth Baxia, a suspected China-based threat actor, targeted government organizations, telecommunication businesses, and the energy industry in multiple Asia-Pacific countries. The group employed sophisticated techniques, including spear-phishing emails and exploitation of a GeoServer vulnerability (CVE-2024-36401). They deployed customized Cobalt Strike components and a new backdoor called EAGLEDOOR on compromised machines. EAGLEDOOR supports multiple communication protocols for information gathering and payload delivery. The attackers used public cloud services to host malicious files, making tracking difficult. They also utilized techniques like GrimResource and AppDomainManager injection to deploy additional payloads. The campaign affected countries including Taiwan, Philippines, South Korea, Vietnam, Thailand, and potentially China.
OPENCTI LABELS :
cobalt strike,spear-phishing,geoserver,ripcoy,eagledoor
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC