Earth Krahang

Threat Actor Profile Updated 2 days ago
Earth Krahang is an Advanced Persistent Threat (APT) group, possibly linked to the Chinese state hacking contractor iSoon, that has breached numerous government organizations worldwide. Trend Micro reported earlier this month that Earth Krahang has been using a custom backdoor known as DinodasRAT. DinodasRAT, also known as XDealer, is a cross-platform backdoor previously observed in attacks by the Chinese threat actor LuoYu, and since 2023 Earth Krahang has shifted its operations to it, showing that the group adapts its tooling over time. The use of these tools is consistent with Trend Micro researchers' analysis of Earth Krahang's activities. In March 2024, while investigating the activity of another China-linked APT, Earth Lusca, Trend Micro researchers uncovered a sophisticated campaign conducted by Earth Krahang. This discovery further emphasizes the substantial threat posed by this group and the need for robust cybersecurity measures to counter it.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Earth Lusca | 3 | Earth Lusca is a significant threat actor that has recently expanded its malicious arsenal with the SprySOCKS Linux malware, posing an increased risk to global cybersecurity. This group is known for executing actions with harmful intent, and could be composed of individuals, private companies, or go
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Backdoor
Government
Vpn
ISOON
Associated Malware
ID | Type | Votes | Profile Description
Dinodasrat | Unspecified | 3 | DinodasRAT is a novel malware variant that has been causing significant disruption worldwide, particularly targeting Linux users. The malicious software first came to light during a cyber-espionage campaign against a governmental entity in Guyana, which was discovered in February 2023. This campaign
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Earth Krahang Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 2 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
InfoSecurity-magazine | 2 months ago | Prolific Chinese Threat Campaign Targets 100+ Victims
Securityaffairs | 23 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 2 days ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | DinodasRAT Linux variant targets users worldwide
Securityaffairs | 2 months ago | Earth Krahang APT breached tens of government orgs worldwide
Checkpoint | 2 months ago | Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research
Securityaffairs | a month ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 2 months ago | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Securityaffairs | 2 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
Checkpoint | 2 months ago | 25th March – Threat Intelligence Report - Check Point Research
BankInfoSecurity | 2 months ago | DinodasRAT Backdoor Targeting Linux Machines Worldwide
BankInfoSecurity | 2 months ago | Trend Micro Spots Possible iSoon Campaign