A new Trend Research report reveals a growing trend of collaboration between China-aligned APT groups, particularly Earth Estries and Earth Naga, through a model called “Premier Pass-as-a-Service.” This approach enables threat actors to share access and tools, making cyberespionage campaigns more complex and harder to attribute. #EarthEstries #EarthNaga #ShadowPad
Keypoints
- China-aligned APT groups are increasingly collaborating using the “Premier Pass-as-a-Service” model.
- Earth Estries acts as an access broker, providing compromised assets to Earth Naga for further exploitation.
- The groups have targeted telecommunications, government, and defense sectors across APAC and NATO regions.
- Shared toolsets include Earth Estries’ CrowDoor backdoor and Earth Naga’s ShadowPad malware.
- This collaborative model complicates detection, attribution, and response efforts for cybersecurity defenders.