🌏

Earth Kasha

Tags

State-Sponsored

Attribution

🇨🇳

Incidents

Earth Kasha’s Campaign Exploiting Fortinet Vulnerability

References

https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html

Last edited

Nov 19, 2024 4:00 PM

Status

Finalized

Cloud-fluent

Unique Tools

LODEINFO

Targeted geography

AsiaEast Asia

Targeted industries

ManufactoringHigh-techGovernmentAerospaceTechnological

Earth Kasha is a China-linked threat actor active since 2019, primarily targeting organizations in Japan, Taiwan, and India. Known for using malware like LODEINFO and NOOPDOOR, the group exploits public-facing vulnerabilities, to infiltrate networks. Earth Kasha focuses on credential theft, data exfiltration, and targeting sectors such as government, technology, and academia, often demonstrating ties to the broader APT10 umbrella.