Chinese spy group caught lurking in Poland, Asia networks
"Shadow-Earth-053 targeted government agencies, defense contractors, technology firms, and the transportation industry, gaining initial access via vulnerable Microsoft Exchange Servers."
"Victim organizations were compromised for up to eight months before the deployment of ShadowPad, a custom backdoor used by China's APT41 for nearly a decade."
"About half of the victims were also compromised by Shadow-Earth-054, which shares identical tool hashes and overlapping techniques with Shadow-Earth-053."
"Tom Kellermann likened the new Chinese groups to Salt Typhoon and Volt Typhoon, which gained long-term access to critical networks for future attacks."
The Shadow-Earth-053 group has infiltrated over a dozen critical networks in Poland and Asian countries since December 2024. They primarily target government agencies, defense contractors, technology firms, and the transportation sector. Initial access is often gained through vulnerable Microsoft Exchange Servers. Victims have been compromised for up to eight months before the deployment of ShadowPad, a backdoor used by China's APT41. The group shares similarities with Shadow-Earth-054, which exploits the same vulnerabilities and techniques, indicating a coordinated effort among China-aligned threat actors.
Read at Theregister