Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A spear-phishing campaign targeting Japan since June 2024 has been identified, featuring the reemergence of the ANEL backdoor, which APT10 used until 2018. The campaign, attributed to Earth Kasha, targets individuals in political organizations, research institutions, and entities related to international relations. The attack uses various infection methods, including macro-enabled documents and shortcut files. The malware suite includes ROAMINGMOUSE, ANELLDR, and updated versions of ANEL. Post-exploitation activities involve information gathering and, in some cases, deployment of the more advanced NOOPDOOR backdoor. This campaign marks a shift in Earth Kasha's tactics, from exploiting vulnerabilities in edge devices to targeting individuals through spear-phishing.
OPENCTI LABELS:
apt10, backdoor, spear-phishing, uac bypass, japan, noopdoor, roamingmouse, anelldr, uppercut, anel