Security News Chinese 'Earth Krahang' hackers breach 70 orgs in 23 countries

[vtqhtr413]

Content source

https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/

According to Trend Micro researchers monitoring the activity, the campaign has been underway since early 2022 and focuses primarily on government organizations. Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.

Earth Krahang abuses its presence on breached government infrastructure to attack other governments, builds VPN servers on compromised systems, and performs brute-forcing to crack passwords for valuable email accounts.

Attack overview​

The threat actors employ open-source tools to scan public-facing servers for specific vulnerabilities, such as CVE-2023-32315 (Openfire) and CVE-2022-21587 (Control Web Panel).By exploiting these flaws, they deploy webshells to gain unauthorized access and establish persistence within victim networks.

Chinese Earth Krahang hackers breach 70 orgs in 23 countries

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries.

www.bleepingcomputer.com

Careless users cause data loss incidents

A new study from Proofpoint shows that 85 percent of organizations polled experienced at least one data loss incident in the past year. Even the country with the lowest percentage -- the UK -- still had 73 percent of respondents reporting at least one incident in the past 12 months.

betanews.com