From 38d0804f9c4a4df1960b5aef4dc72fc87fdc96e0 Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Wed, 20 Mar 2024 10:23:42 -0700 Subject: [PATCH] [threat-actors] Add Earth Krahang --- clusters/threat-actor.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 26922b1..9ccf9e3 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -15367,6 +15367,18 @@ }, "uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a", "value": "Earth Kapre" + }, + { + "description": "Earth Krahang is an APT group targeting government organizations worldwide. They use spear-phishing emails, weak internet-facing servers, and custom backdoors like Cobalt Strike, RESHELL, and XDealer to conduct cyber espionage. The group creates VPN servers on infected systems, employs brute force attacks on email accounts, and exploits compromised government infrastructure to attack other governments. Earth Krahang has been linked to another China-linked actor, Earth Lusca, and is believed to be part of a specialized task force for cyber espionage against government institutions.", + "meta": { + "country": "CN", + "refs": [ + "https://www.rewterz.com/rewterz-news/rewterz-threat-alert-china-linked-earth-krahang-apt-breached-70-organizations-in-23-nations-active-iocs", + "https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html" + ] + }, + "uuid": "8cfc9653-51bc-40f1-a267-78a1b8c763f6", + "value": "Earth Krahang" } ], "version": 304