Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
An APT group named Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia, particularly in the Philippines, Vietnam, Thailand, and Malaysia. The campaign, which dates back to November 2020, employs advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma utilizes sophisticated tools like TESDAT, SIMPOBOXSPY, KRNRAT, and MORIYA, demonstrating adaptive malware toolsets and complex evasion techniques. The attackers focus on lateral movement, persistence, and data collection, using various utilities to scan infrastructures and deploy malware. They also employ rootkits to maintain stealth and bypass detection. The group's primary objective appears to be cyberespionage, with a high risk of sensitive data compromise and prolonged, undetected network access.
OPENCTI LABELS:
apt, data exfiltration, rootkit, tesdat, simpoboxspy, moriya, krnrat