Trend Micro has uncovered a sophisticated cyber espionage campaign led by a group dubbed Earth Ammit, known for targeting government bodies and critical infrastructure since late 2023. The campaign operates through a custom set of tools and a stealthy infection chain utilising public cloud infrastructure.
Key Points
- Earth Ammit attacked government entities and critical sectors in Southeast Asia, Central Asia, and Eastern Europe.
- The campaign was executed in two waves: VENOM targeting software services and TIDRONE focusing on the military industry.
- VENOM primarily employed open-source tools while TIDRONE shifted to custom-built malware for more effective espionage.
- The attackers aim to compromise trusted networks through supply chain attacks, exposing victims to data theft and credential exfiltration.
- Both campaigns utilised distinct supply chain attack techniques, highlighting the evolving nature of cyber threats.
Why should I read this?
If you work in cybersecurity or in a critical sector, this article is a must-read. It details the tactics of a sophisticated threat actor that could affect your organisation. Understanding how Earth Ammit operates can save time and safeguard against potential espionage threats. Stay ahead of the curve in a time when cyber threats are becoming increasingly complex!