Nearly 120 organizations across 45 countries have been subjected to attacks by Chinese advanced persistent threat operation Earth Krahang since early 2022, 70 of which have already been compromised, BleepingComputer reports.
Government organizations accounted for more than half of the entities breached by Earth Krahang as part of the campaign, a report from Trend Micro revealed. Attacks by the Chinese APT group involved the exploitation of internet-exposed Openfire servers vulnerable to CVE-2023-32315 and Control Web Panel instances impacted by CVE-2022-21587 to facilitate web shell deployment that would be used to achieve network infiltration and persistence, according to researchers. Spear-phishing tactics have also been leveraged by Earth Krahang to allow the deployment of backdoors, including XDealer which allows screenshot captures, keystroke logging, and clipboard data compromise in Windows and Linux systems. Aside from using SoftEtherVPN to infiltrate victims' private networks, Earth Krahang has also been using breached government email accounts to enable additional targeting efforts, researchers said.
