Chinese advanced persistent threat group Earth Aughisky, also known as Taidoor, has continuously updated its malware toolset in attacks targeted at Taiwan and Japan during the past 10 years, The Hacker News reports.
Spear-phishing has been Earth Aughisky's most used entry method to facilitate next-stage backdoor deployment led by the remote access trojan Taidoor, also known as Roudan, a Trend Micro report found. Earth Aughisky has also been associated with the GrubbyRAT, LuckDLL, K4RAT, Taleret, Serkdes, and Taikite malware families. Backdoors SiyBot, DropNetClient, and TWTRAT have also been used by the APT group, according to researchers. "Groups like Earth Aughisky have sufficient resources at their disposal that allow them the flexibility to match their arsenal for long-term implementations of cyber espionage. Organizations should consider this observed downtime from this group's attacks as a period for preparation and vigilance for when it becomes active again," said Trend Micro researcher CH Lei.
