Earth Akhlut

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Earth Akhlut is a recognized threat actor, originating from China, known for its malicious activities in the realm of cybersecurity. Since 2019, it has been involved in distributing the Shadowpad malware, a sophisticated tool that has caused significant concern within the cybersecurity community. This threat actor operates alongside other Chinese groups like Earth Lusca, sharing resources and tools, which makes attribution of specific attacks complex and challenging. The Shadowpad malware, shared among these groups, is a potent threat due to its capability to infiltrate networks and systems stealthily. Its distribution among multiple Chinese espionage threat actors, including Earth Akhlut and Earth Lusca, has amplified its impact and reach, posing a substantial threat to cyber-infrastructure globally. The malware's characteristics and the tactics employed by these threat actors have complicated efforts to track their activities and mitigate their effects. Since the emergence of this collaborative tactic in 2019, the cybersecurity industry has faced significant challenges in attributing specific attacks to individual groups. The practice of sharing malware among different threat actors has blurred the lines of responsibility, making it harder to pinpoint the source of an attack and take appropriate action. This has necessitated more sophisticated methods of tracking and combating such threats, emphasizing the need for advanced cybersecurity measures in the face of evolving threats like Earth Akhlut.
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Chinese
Espionage
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
ShadowPadUnspecified
1
ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Earth LuscaUnspecified
3
Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Earth Akhlut Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Hackers target Pakistani government, bank and telecom provider with China-made malware
InfoSecurity-magazine
a year ago
Chinese APT Favorite Backdoor Found in Pakistani Government App
Trend Micro
a year ago
Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad