Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Earth Kasha, an APT group believed to be part of APT10, has launched a new campaign in March 2025 targeting government agencies and public institutions in Taiwan and Japan. The campaign uses spear-phishing to deliver an updated version of the ANEL backdoor, potentially for espionage purposes. Key updates include a new command to support BOF execution in memory and the use of SharpHide for persistence. The second-stage backdoor, NOOPDOOR, now supports DNS over HTTPS for C&C communications. The attack chain involves compromised email accounts, malicious Excel files, and various evasion techniques. This campaign demonstrates Earth Kasha's continued evolution and poses significant geopolitical implications.
OPENCTI LABELS :
apt10,espionage,spear-phishing,sharphide,anel backdoor
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan