Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Summary: An advanced persistent threat group, Earth Kurma, has been targeting government and telecommunications sectors in Southeast Asia since June 2024, using sophisticated malware and rootkits for data exfiltration. Their operations, which date back to November 2020, primarily abuse cloud services such as Dropbox and OneDrive to steal sensitive information from countries including the Philippines, Vietnam, Thailand, and Malaysia. Security researchers warn that the intrusions pose a significant business risk because of credential theft and the establishment of persistent footholds in compromised environments.

Affected: Government and telecommunications sectors in Southeast Asia

Key points:

  • Earth Kurma employs custom malware, rootkits, and cloud storage for espionage and credential theft.
  • Notable malware includes SIMPOBOXSPY, KRNRAT, and Moriya, with some tools sharing code with other threat groups.
  • The group uses “living-off-the-land” techniques to maintain stealth and avoid detection during attacks.
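The summary's most actionable detail for defenders is that exfiltration runs over Dropbox and OneDrive. The script below is an added example (not part of the article or any Earth Kurma tooling) of a simple hunt over constructed web-proxy log lines: it sums the bytes that server-class hosts upload to consumer cloud-storage domains and flags any host whose total crosses a threshold. The log format, the `srv-` hostname prefix convention and the threshold are assumptions made for the example; the domain list covers the public Dropbox and OneDrive/Microsoft Graph endpoints.

```python
"""Flag servers uploading unusual volumes to consumer cloud-storage services.

Added example for a hunt inspired by the Earth Kurma report; the log lines,
hostname convention and threshold are constructed for illustration.
"""
from collections import defaultdict

# Public endpoints for the two services named in the report.
CLOUD_STORAGE_DOMAINS = (
    "dropboxapi.com",
    "dropbox.com",
    "graph.microsoft.com",
    "onedrive.live.com",
    "sharepoint.com",
)

# Constructed proxy log: timestamp src_host method dst_host bytes_sent status
SAMPLE_PROXY_LOG = """\
2025-04-28T01:12:04Z srv-db01 POST content.dropboxapi.com 52428800 200
2025-04-28T01:19:41Z srv-db01 POST content.dropboxapi.com 52428800 200
2025-04-28T02:03:17Z wks-user07 PUT graph.microsoft.com 204800 201
2025-04-28T02:10:55Z srv-web02 POST api.github.com 31457280 200
2025-04-28T03:44:09Z srv-mail01 PUT onedrive.live.com 31457280 201
2025-04-28T03:50:00Z srv-mail01 GET onedrive.live.com 512 200
2025-04-28T04:00:00Z srv-app03 POST api.dropboxapi.com 1024 200
malformed line here
"""


def is_cloud_storage(host):
    """True if host is one of the listed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)


def parse_line(line):
    """Parse one log line into a dict; return None for malformed input."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, method, dst, sent, status = parts
    try:
        sent = int(sent)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "method": method.upper(),
            "dst": dst, "bytes_out": sent, "status": status}


def find_suspicious(lines, byte_threshold=10 * 1024 * 1024,
                    server_prefixes=("srv-",)):
    """Return (src_host, total_bytes, [dst_hosts]) for every server-class
    host whose uploads (POST/PUT) to cloud-storage domains meet the threshold,
    largest total first."""
    totals = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["src"].startswith(server_prefixes):
            continue
        if rec["method"] not in ("POST", "PUT"):
            continue  # only count data leaving the host
        if not is_cloud_storage(rec["dst"]):
            continue
        totals[rec["src"]] += rec["bytes_out"]
        dests[rec["src"]].add(rec["dst"])
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(src, total, sorted(dests[src]))
            for src, total in ranked if total >= byte_threshold]


if __name__ == "__main__":
    for src, total, hosts in find_suspicious(SAMPLE_PROXY_LOG.splitlines()):
        print(f"{src}: {total} bytes uploaded to {', '.join(hosts)}")
```

Workstations are deliberately excluded because personal cloud sync traffic from user endpoints is common; the signal is a database, mail or application server pushing tens of megabytes to a service it has no business reason to use. Tune the prefix and threshold to the environment, and treat a hit as a lead for host triage rather than a verdict.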

Source: https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html
