In a recent alarming cybersecurity report, Trend Micro uncovered a sophisticated series of multi-wave attacks orchestrated by a Chinese hacking group known as Earth Ammit. This group has been targeting the drone supply chain, compromising trusted vendors and organizations across Taiwan and South Korea. Their operations spanned from 2023 to 2024, exploiting vulnerabilities in key industries such as military, heavy industry, technology, and healthcare, among others.
The Earth Ammit campaign, which consists of two distinct attack waves — named Tidrone and Venom — illustrates a growing threat to global supply chains. By infiltrating upstream vendors and deploying malicious tools, the group was able to infect downstream customers, causing widespread damage across industries. The group’s use of open-source and custom tools highlights their adaptability and sophistication, allowing them to exploit both public and private vulnerabilities in their targets’ systems.
Earth Ammit Attacks:
Trend
- Venom Campaign: The group began its operations by exploiting web server vulnerabilities to deploy web shells. This allowed Earth Ammit to install open-source proxy tools and remote access tools to maintain persistence. Once inside, they harvested credentials and used them to further infiltrate systems, ultimately compromising both service providers in Taiwan and heavy industry firms in South Korea.
- Tidrone Campaign: In a later stage, the attackers targeted service providers to inject malicious code and distribute malware. Their primary goal was to achieve cyber espionage, which they executed through the deployment of customized backdoors like Cxclnt and Clntend. The backdoors provided the hackers with persistent access, allowing them to bypass security software, escalate privileges, and extract sensitive data.
The key to Earth
What Undercode Says:
The attack campaigns conducted by Earth Ammit highlight several emerging trends in cybersecurity. Firstly, the increasing reliance on upstream supply chains makes industries vulnerable to these types of indirect attacks. Hackers know that by compromising trusted vendors or services, they can access a much broader range of downstream targets without needing to breach each one directly. This technique — often referred to as a “supply chain attack” — is gaining traction because it allows for large-scale exploitation with minimal effort.
What is particularly alarming about Earth
Another point of concern is the growing sophistication of cyber espionage. By targeting sensitive sectors like the military, technology, and healthcare industries, Earth Ammit was likely seeking to gather valuable intelligence for geopolitical or economic gain. The use of tools like Screencap (a screen capture tool) and Venfrpc (a fast reverse proxy) enabled them to spy on victims with relative ease, bypassing many traditional security defenses.
This trend suggests that cybersecurity must evolve to focus not just on the protection of individual systems but also on securing entire supply chains. As organizations increasingly depend on third-party vendors and services, they must ensure that their partners and suppliers adhere to stringent security standards. Furthermore, monitoring for indicators of compromise (IoC) within supply chain channels should become a standard practice for cybersecurity professionals.
The fact that Earth Ammit operated across multiple sectors also reveals a new approach to cyber warfare, where the aim isn’t merely to cause immediate financial damage but to gather intelligence and position oneself for future actions. It’s becoming clear that the cyber threat landscape is expanding beyond just financial theft; it’s about controlling critical data, destabilizing economies, and exerting political influence.
Fact Checker Results:
🌐 Earth Ammit is believed to be a Chinese APT (Advanced Persistent Threat) group.
🚀 The group used a mix of open-source and custom-built malware to target organizations in Taiwan and South Korea.
🧠 Their tactics focus on exploiting upstream vendors to gain access to downstream systems, exemplifying a new breed of supply chain attacks.
Prediction:
Looking ahead, we can expect supply chain attacks to grow in prominence, especially as industries become more interconnected. Companies that fail to secure their vendor relationships may face increased risks from groups like Earth Ammit. The next wave of cyber threats may involve even more sophisticated malware, custom-built tools, and deeper infiltration tactics that target not just organizational networks but the very infrastructure on which they rely. To combat these threats, organizations will need to strengthen their cybersecurity defenses by integrating more advanced threat detection systems, conducting thorough vendor assessments, and collaborating with cybersecurity firms to stay ahead of these evolving threats.
References:
Reported By: www.securityweek.com