A Chinese espionage group known as Earth Krahang [1] [2] [3], believed to be linked to iSoon [2], a hack-for-hire operation contracted by the Chinese Communist Party [2] [3], has conducted cyber attacks on over 70 organizations in 23 countries, including 48 government entities [1] [2].


The group relies on standard tactics [1] [2] [3], one-day vulnerabilities [1], and social engineering [1]. It targets public-facing servers and exploits vulnerabilities such as CVE-2023-32315 and CVE-2022-21587 [3]. Earth Krahang also uses open-source tools for reconnaissance and backdoor deployment, including the backdoor “XDealer” for keylogging and data theft [3]. In addition, the group hijacks email accounts for phishing attacks [3]. Although it is not as sophisticated as other APT groups [1], Earth Krahang has targeted a wide range of sectors, including government ministries [1] [2], education [2] [3], telecommunications [2] [3], finance [2] [3], and sports, across Asia, the Americas [1] [2] [3], Europe [1] [2] [3], and Africa [1] [2] [3].


The breaches by Earth Krahang have significant implications for the security and privacy of the affected organizations and individuals. It is crucial for organizations to strengthen their cybersecurity measures, regularly update their systems, and educate employees on cybersecurity best practices to mitigate the risk of future attacks. The global community must also work together to address the growing threat of cyber espionage and ensure the protection of critical infrastructure and sensitive information.


[1] https://zephyrnet.com/uk/%D0%BA%D0%B8%D1%82%D0%B0%D0%B9%D1%81%D1%8C%D0%BA%D0%B8%D0%B9-apt-earth-krahang-%D1%81%D0%BA%D0%BE%D0%BC%D0%BF%D1%80%D0%BE%D0%BC%D0%B5%D1%82%D1%83%D0%B2%D0%B0%D0%B2-48-%D0%B4%D0%B5%D1%80%D0%B6%D0%B0%D0%B2%D0%BD%D0%B8%D1%85-%D0%BE%D1%80%D0%B3%D0%B0%D0%BD%D1%96%D0%B7%D0%B0%D1%86%D1%96%D0%B9-%D0%BD%D0%B0-5-%D0%BA%D0%BE%D0%BD%D1%82%D0%B8%D0%BD%D0%B5%D0%BD%D1%82%D0%B0%D1%85/
[2] https://zephyrnet.com/pl/chi%C5%84ski-apt-Earth-krahang-nara%C5%BCa-na-szwank-48-organ%C3%B3w-rz%C4%85dowych-na-5-kontynentach/
[3] https://www.darkreading.com/threat-intelligence/chinese-apt-earth-krahang-compromised-48-gov-orgs-5-continents