[MART] - Daily Diary #611 - Earth Aughisky APT Group

ctas-mat at appgate.com ctas-mat at appgate.com
Tue Oct 11 01:55:42 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

10/10/2022 - Diary entry #611:

Earth Aughisky, also known as Taidoor, is a very active APT (Advanced Persistent Threat) group that has conducted cyberespionage campaigns for over a decade, aiming for specific targets from the government, telecom, manufacturing, heavy, technology, transportation, and healthcare sectors in Taiwan and, most recently, Japan.

During all these years in activity, Earth Aughisky employed many different backdoors such as SiyBot, TWTRAT, and DropNetClient (aka Buxzop) – all of them abuse different popular services such as Twitter and Dropbox for setting up their C2. The group was also linked to the activities of another APT tracked as Pitty Tiger (also known as APT24) and to a variety of malware families such as GrubbyRAT, K4RAT, LuckDLL, Serkdes, Taikite, and Talere.

That’s why APT groups differ from common threats. After gaining access, they focus on establishing a foothold for the long term. For that, they use different malware strains and tools for difficult attribution and evading security mechanisms.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>


Malware Analysis and Research Team


E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20221011/329a8b7d/attachment.htm>

More information about the MART mailing list