Researchers uncovers malware toolset used by APT group Earth Aughisky

Share post:

Trend Micro researchers have uncovered the malware toolset of the Chinese cyber espionage group Earth Aughisky, known for compromising legitimate accounts, software, applications and other weaknesses in network design and infrastructure.

The gang uses spear phishing as an entry-level method, using several tools, including a remote access trojan named Taidoor (aka Roudan) to deploy next-stage backdoors.

Some other backdoors that Earth Aughisky has used over the years are: SiyBot, a basic backdoor that uses public services like Gubb and 30 Boxes for command-and-control (C2); TWTRAT, which abuses Twitter’s direct messaging feature for C2; and DropNetClient (aka Buxzop), which uses the Dropbox API for C2.

The gang has been linked to several families of malware, including GrubbyRAT, K4RAT, LuckDLL, Serkdes, Taikite and Taleret, as part of their efforts to evade detection.

The ransomware gang primarily targets organizations in Taiwan, but the investigation confirmed an expansion into Japan. Among the most frequently attacked industries are government, telecommunications, manufacturing, heavy industry, technology, transportation and healthcare.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways