Earth Lamia: China-Linked APT Targets Global Industries with Custom Backdoors

Trend Micro’s report highlights Earth Lamia, a sophisticated China-linked APT group using custom backdoors and exploit techniques across global industries. The group’s evolving tactics include exploiting CVEs, deploying modular backdoors like PULSEPACK, and using DLL sideloading for stealth operations. #EarthLamia #AsiaCyberThreats

Key points

  • Earth Lamia is an advanced persistent threat group linked to China that targets multiple industries worldwide.
  • The group exploits known CVEs such as CVE-2017-9805 and CVE-2024-9047 to gain initial access.
  • They employ lateral movement techniques like deploying webshells, creating admin accounts, and credential dumping.
  • Since August 2024, Earth Lamia has used PULSEPACK, a modular .NET backdoor that communicates via WebSockets.
  • The group leverages DLL sideloading and encrypts payloads with RC4 and AES to evade detection.

Read More: https://securityonline.info/earth-lamia-china-linked-apt-targets-global-industries-with-custom-backdoors/