Earth Krahang

Threat Actor updated 3 months ago (2024-07-14T23:18:25.279Z)

Download STIX

Preview STIX

Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate their activities and modus operandi. Earth Krahang has recently come into focus due to its significant and concerning activities. The Advanced Persistent Threat (APT) group known as Earth Krahang has been implicated in a series of cyber breaches impacting government organizations globally. The scale of these breaches is substantial, with tens of government bodies affected worldwide. The information regarding these attacks has been widely reported on various cybersecurity platforms, including Security Affairs, highlighting the severity and global reach of Earth Krahang's activities. These breaches have raised serious concerns about global cybersecurity infrastructure, particularly within government organizations. Earth Krahang's ability to compromise such a wide range of entities underscores the sophistication of their tactics and the potential damage they can cause. As a result, there is a pressing need for heightened security measures and increased vigilance to counteract these threats and protect sensitive information from being exploited by such threat actors.

Description last updated: 2024-07-14T22:25:22.575Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Earth Lusca is a possible alias for Earth Krahang. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its ar	3
ISOON is a possible alias for Earth Krahang. The iSoon campaign refers to a series of related activities centered around Shanghai Anxun Information Technology (Anxun; aka iSOON), a key Chinese InfoSec vendor. The compromise of iSoon led to a rare leak of information, which revealed its connection to the KEYPLUG malware campaign. This incident	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Backdoor

Government

Vpn

ISOON

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Dinodasrat Malware is associated with Earth Krahang. DinodasRAT is a malicious software that has been causing significant security concerns worldwide. This malware, which targets both Windows and Linux operating systems, is designed to infiltrate your system and perform harmful activities such as stealing personal information, disrupting operations, o	Unspecified	3

Source Document References

Information about the Earth Krahang Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	2 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	4 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
BankInfoSecurity	7 months ago	DinodasRAT Backdoor Targeting Linux Machines Worldwide
Securityaffairs	7 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Checkpoint	7 months ago	Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research
Securityaffairs	7 months ago	DinodasRAT Linux variant targets users worldwide
Checkpoint	7 months ago	25th March – Threat Intelligence Report - Check Point Research
Securityaffairs	7 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini