Chinese Hackers Hit Drone Sector in Supply Chain Attacks

A Chinese threat actor known as Earth Ammit has conducted multi-wave supply chain attacks targeting organizations in Taiwan and South Korea, affecting various sectors including military, industrial, and healthcare. These campaigns used open source and custom tools to compromise trusted vendors and deploy malware, causing widespread disruption.
Affected: Taiwanese organizations, South Korean organizations, supply chain systems.

Keypoints

  • Earth Ammit is a Chinese threat group behind multi-sector supply chain attacks in Taiwan and South Korea.
  • The group launched two campaigns, Tidrone and Venom, targeting organizations across military, industrial, and tech sectors.
  • Attack methods included exploiting software vulnerabilities, deploying webshells, and using open source and custom tools for persistence and stealth.
  • They compromised trusted vendors to deliver malware downstream, demonstrating the ripple effect of supply chain attacks.
  • Over time, the group shifted from using open-source tools to deploying sophisticated, custom malware for increased precision.

Read More: https://www.securityweek.com/chinese-hackers-hit-drone-sector-in-supply-chain-attacks/