Earth Lamia Strikes: China’s Cyber Espionage Escapades Targeting Global Industries Unveiled
Earth Lamia, a China-linked threat actor, has been exploiting multiple vulnerabilities like CVE-2025-31324 in SAP NetWeaver for cyber espionage. The group targets organizations across Brazil, India, and Southeast Asia, shifting from financial services to logistics, online retail, and now IT, universities, and government entities.

Hot Take:
Well, it seems like China-linked hackers have decided to take their talents on a worldwide tour! With targets spanning from Bollywood to beaches in Southeast Asia, these cybercriminals are really getting their frequent flyer miles in. Just remember, folks, the only thing scarier than a 404 Error is a hacker with a passport and a penchant for SQL injections!
Key Points:
- The China-linked group, Earth Lamia, is exploiting SAP NetWeaver and other vulnerabilities.
- Targets include a variety of sectors in Brazil, India, and Southeast Asia.
- They use a mix of custom backdoors and known vulnerabilities for infiltration.
- Mimic ransomware attempts have been largely unsuccessful in India.
- Their focus has shifted from financial services to logistics, retail, IT, and government.
Already a member? Log in here