Summary: A recent Trend Research report highlights the activities of the advanced persistent threat group Earth Kurma, which has been targeting government and telecom entities in Southeast Asia since November 2020. Utilizing sophisticated tactics for cyberespionage and data exfiltration, Earth Kurma employs custom tools and stealthy rootkits to execute its operations. The group’s modular malware architecture and operational security indicate a highly organized, potentially state-backed threat actor focused on strategic intelligence within the region.
Affected: Government and telecommunications entities in Southeast Asia
Key points:
- Earth Kurma has targeted multiple Southeast Asian countries, focusing on government sectors for data exfiltration.
- Key tools and techniques include advanced rootkits (MORIYA and KRNRAT), various custom loaders, and stealthy data exfiltration methods.
- Forensic analysis indicates overlaps with other APT groups, though definitive attribution remains elusive.
Source: https://securityonline.info/earth-kurma-apt-targets-southeast-asia-with-stealthy-cyberespionage/