A sophisticated cyber espionage campaign attributed to Earth Ammit has targeted Taiwan and South Korea's military, satellite, industry, media, and healthcare sectors during 2023-2024. The campaigns involved supply chain attacks, malware deployment, and exploitation of trusted communication channels, with links to Chinese-speaking nation-state groups.
Affected: Taiwan, South Korea, military, satellite, heavy industry, media, technology, software services, healthcare
Key points
- Earth Ammit is linked to campaigns targeting critical sectors in Taiwan and South Korea from 2023 to 2024.
- The VENOM campaign focused on supply chain vulnerabilities and deploying remote access tools through web server exploits.
- The TIDRONE campaign targeted drone manufacturers and military entities using custom malware like CXCLNT and CLNTEND.
- Shared infrastructure and tactics suggest both campaigns are operated by the same threat actor with Chinese-speaking origins.
- Advanced evasion techniques and modular malware architecture complicate detection and attribution efforts.
Read More: https://thehackernews.com/2025/05/earth-ammit-breached-drone-supply.html