Summary: A new cyber-espionage campaign by the APT group Earth Kasha has been detected, targeting government agencies and public institutions in Taiwan and Japan. This campaign features evolved tactics, including a sophisticated payload within a macro-enabled Excel document and advanced evasion techniques aimed at enhancing stealth and persistence. The efforts underscore a heightened geopolitical focus, particularly amid rising tensions in East Asia.
Affected: Government agencies and public institutions in Taiwan and Japan
Key points:
- Earth Kasha employs spear-phishing tactics with malicious Excel files linked through legitimate OneDrive URLs.
- The group’s ANEL backdoor now includes enhanced functionality, integrating red-team-style techniques for more modular operations.
- NOOPDOOR, the second-stage backdoor, utilizes DNS over HTTPS for encrypted communications to evade detection.
- The campaign marks a strategic shift towards higher-value targets, emphasizing the geopolitical implications of espionage activities in the region.