Tags
State-Sponsored
Attribution
🇨🇳
Incidents
Earth Kasha’s Campaign Exploiting Fortinet Vulnerability
References
https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html
Last edited
Nov 19, 2024 4:00 PM
Status
Finalized
Cloud-fluent
Unique Tools
LODEINFO
Targeted geography
AsiaEast Asia
Targeted industries
ManufactoringHigh-techGovernmentAerospaceTechnological
Earth Kasha is a China-linked threat actor active since 2019, primarily targeting organizations in Japan, Taiwan, and India. Known for using malware like LODEINFO and NOOPDOOR, the group exploits public-facing vulnerabilities, to infiltrate networks. Earth Kasha focuses on credential theft, data exfiltration, and targeting sectors such as government, technology, and academia, often demonstrating ties to the broader APT10 umbrella.