Earth Lamia Strikes Again: Chinese Hackers Exploit Vulnerabilities Worldwide
Earth Lamia, a Chinese threat actor, has been targeting vulnerabilities in web applications worldwide since at least 2023. Known for exploiting SQL injection flaws, the group infiltrates sectors like finance and IT, using custom tools and backdoors. Remember, if you see “sysadmin123” pop up, you might want to call your IT department!

Hot Take:
Watch out world, because Earth Lamia is here to make your life as complicated as a Rubik’s cube doused in hot sauce! These guys are juggling SQL injections and deploying webshells like they’re in a circus act, and it seems like no sector is safe from their digital acrobatics. So put on your cybersecurity helmets, because it’s going to be a bumpy ride!
Key Points:
- Earth Lamia targets multiple sectors worldwide with a focus on specific industries over time.
- The group exploits known vulnerabilities, especially SQL injection flaws, to compromise web applications.
- Their tactics include deploying webshells, escalating privileges, and creating admin accounts.
- They utilize BypassBoss, open-source tools, and custom loaders for executing malicious shellcode.
- Trend Micro links Earth Lamia to other Chinese threat actors and espionage campaigns.