Earth Akhlut

Threat Actor updated 7 months ago (2024-05-04T16:24:23.146Z)

Download STIX

Preview STIX

Earth Akhlut is a recognized threat actor, originating from China, known for its malicious activities in the realm of cybersecurity. Since 2019, it has been involved in distributing the Shadowpad malware, a sophisticated tool that has caused significant concern within the cybersecurity community. This threat actor operates alongside other Chinese groups like Earth Lusca, sharing resources and tools, which makes attribution of specific attacks complex and challenging. The Shadowpad malware, shared among these groups, is a potent threat due to its capability to infiltrate networks and systems stealthily. Its distribution among multiple Chinese espionage threat actors, including Earth Akhlut and Earth Lusca, has amplified its impact and reach, posing a substantial threat to cyber-infrastructure globally. The malware's characteristics and the tactics employed by these threat actors have complicated efforts to track their activities and mitigate their effects. Since the emergence of this collaborative tactic in 2019, the cybersecurity industry has faced significant challenges in attributing specific attacks to individual groups. The practice of sharing malware among different threat actors has blurred the lines of responsibility, making it harder to pinpoint the source of an attack and take appropriate action. This has necessitated more sophisticated methods of tracking and combating such threats, emphasizing the need for advanced cybersecurity measures in the face of evolving threats like Earth Akhlut.

Description last updated: 2023-10-10T20:40:33.670Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Earth Lusca Threat Actor is associated with Earth Akhlut. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its ar	Unspecified	3

Source Document References

Information about the Earth Akhlut Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Hackers target Pakistani government, bank and telecom provider with China-made malware
InfoSecurity-magazine	a year ago	Chinese APT Favorite Backdoor Found in Pakistani Government App
Trend Micro	a year ago	Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad