Earth Estries

Threat Actor updated 4 months ago (2024-05-04T17:59:56.005Z)
Earth Estries is a cyberespionage group, or threat actor, that has targeted government entities and tech firms across the globe, including in the US, Germany, South Africa, Asia, Malaysia, the Philippines, and Taiwan. While the exact origin of Earth Estries remains unclear, there are indications suggesting possible links to China. The group's arsenal includes three unique malware tools: Zingdoor, TrillClient, and HemiGate, the latter being a backdoor. Their command and control (C&C) infrastructure relies on the Fastly CDN service, which was previously abused by threat actors related to the Chinese group APT41.

The activities of Earth Estries have been widely reported, with notable coverage by Security Week and SC Magazine. A significant disclosure about their activities came to light on September 1, 2023, when it was revealed that they were involved in strategic intrusions targeting the telecommunication, finance, and government sectors in Africa. This coincided with a parallel report from SentinelOne detailing similar activities by Chinese threat actors in Africa, as part of activity clusters dubbed BackdoorDiplomacy and Operation Tainted Love.

Trend Micro, a cybersecurity firm, has noted overlaps in tactics, techniques, and procedures (TTPs) between Earth Estries and an advanced persistent threat (APT) group called FamousSparrow. FamousSparrow, which was active in 2021 and targeted governments and hotels, may be connected to the China-linked threat actors SparklingGoblin and DRBControl. These connections and overlaps suggest a potential wider network of threat actors with shared objectives and methods, further emphasizing the global security risks posed by groups like Earth Estries.
Description last updated: 2024-05-04T16:37:33.534Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
APT41 | 2 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
Malware
Source Document References
Information about the Earth Estries threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 6 months ago | Tales Of Valhalla - March 2024 - Nextron Systems
CERT-EU | a year ago | NextGen Security Tooling: Investments in Intelligence – Mike Coogan – CSP #142
CERT-EU | a year ago | Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents
CERT-EU | a year ago | Mopria, Cisco, Seimens , Word, DarkGate, AP Stylebook, More News, and Jason Wood – SWN #324
CERT-EU | a year ago | ‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors
CERT-EU | a year ago | Earth Estries Targets Government, Tech for Cyberespionage | IT Security News
CERT-EU | a year ago | Leftover Links 01/09/2023: University of Michigan Pays Massive Price for Using Microsoft
BankInfoSecurity | a year ago | 'Earth Estries' APT Hackers Are Cyberespionage Pros
InfoSecurity-magazine | a year ago | Sophisticated Cyber-Espionage Group Earth Estries Exposed
CERT-EU | a year ago | Cyber Security Week in Review: September 1, 2023
CERT-EU | a year ago | APT Group Earth Estries Runs Espionage Campaigns Against US, Others
CERT-EU | a year ago | Stealthy APT exposed: TTPs spill secrets of sophisticated campaigns
CERT-EU | a year ago | Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents
CERT-EU | a year ago | Earth Estries' Espionage Campaign Targets Governments and Tech Titans Across Continents – GIXtools
DARKReading | a year ago | APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware