Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Briefly

Since June 2024, the Earth Kurma group has been conducting sophisticated attacks against government and telecommunications organizations in Southeast Asia, particularly in the Philippines, Vietnam, Thailand, and Malaysia. Researchers at Trend Micro reported the use of custom malware, including rootkits, and of cloud services for data exfiltration. Notable techniques include abusing Dropbox and OneDrive to siphon sensitive information and deploying tools such as TESDAT and SIMPOBOXSPY. Persistence is maintained through kernel-level rootkits, which also improve the attackers' operational security, indicating significant risk to the targeted sectors.
This campaign poses a high business risk because of targeted espionage, credential theft, a persistent foothold established through kernel-level rootkits, and data exfiltration via trusted cloud platforms.
The threat actor's activities date back to November 2020, with the intrusions primarily relying on services like Dropbox and Microsoft OneDrive to siphon sensitive data.
Read at The Hacker News