Earth Krahang

Threat Actor Profile Updated 12 days ago

Download STIX

Preview STIX

Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate their activities and modus operandi. Earth Krahang has recently come into focus due to its significant and concerning activities. The Advanced Persistent Threat (APT) group known as Earth Krahang has been implicated in a series of cyber breaches impacting government organizations globally. The scale of these breaches is substantial, with tens of government bodies affected worldwide. The information regarding these attacks has been widely reported on various cybersecurity platforms, including Security Affairs, highlighting the severity and global reach of Earth Krahang's activities. These breaches have raised serious concerns about global cybersecurity infrastructure, particularly within government organizations. Earth Krahang's ability to compromise such a wide range of entities underscores the sophistication of their tactics and the potential damage they can cause. As a result, there is a pressing need for heightened security measures and increased vigilance to counteract these threats and protect sensitive information from being exploited by such threat actors.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Earth Lusca	3	Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa
ISOON	2	iSoon, also known as Shanghai Anxun Information Technology or Auxun, is a Chinese information security (InfoSec) vendor based in Shanghai. The company's compromise led to an unusual leak of information that provided further evidence supporting the "quartermaster" theory of Chinese hacking. This theo

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Backdoor

ISOON

Vpn

Government

Chinese

Reconnaissance

Outlook

Linux

Exploits

Windows

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Dinodasrat	Unspecified	3	DinodasRAT is a multi-platform backdoor malware written in C++ that has been identified as posing significant threats to users globally. Its Linux variant, in particular, has been singled out for its ability to target Red Hat-based distributions and Ubuntu Linux, making it a potent threat to a wide
PlugX	Unspecified	1	PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It
ShadowPad	Unspecified	1	ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
I-Soon	Unspecified	1	i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Earth Krahang Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
Securityaffairs	5 days ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	5 days ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	12 days ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	19 days ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	a month ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a month ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a month ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	2 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	3 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
BankInfoSecurity	4 months ago	DinodasRAT Backdoor Targeting Linux Machines Worldwide
Securityaffairs	4 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Checkpoint	4 months ago	Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research
Securityaffairs	4 months ago	DinodasRAT Linux variant targets users worldwide
Checkpoint	4 months ago	25th March – Threat Intelligence Report - Check Point Research
Securityaffairs	4 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	4 months ago	Earth Krahang APT breached tens of government orgs worldwide
BankInfoSecurity	4 months ago	Trend Micro Spots Possible iSoon Campaign