GHOSTSPIDER Strikes: China’s Cyber Espionage Comedy of Errors Unmasked
Earth Estries, a China-linked threat actor, has been using GHOSTSPIDER, a previously undocumented backdoor, to target Southeast Asian telecom companies. This group, active since at least 2020, employs a range of sophisticated malware to infiltrate and spy on entities across multiple countries, making detection as easy as finding a needle in a haystack.

Hot Take:
Just when you thought your phone bill was your biggest telecommunications problem, along comes Earth Estries with a backdoor named GHOSTSPIDER. Move over, Spider-Man, there’s a new web-slinger in town, and it’s swinging right into your network infrastructure!

Key Points:
- Earth Estries uses the previously undocumented backdoor GHOSTSPIDER in attacks on Southeast Asian telecom companies.
- This China-linked threat group has breached over 20 entities across multiple sectors and countries.
- The group’s arsenal includes a variety of malware, such as the Demodex rootkit and Deed RAT.
- The group gains initial network access by exploiting N-day security flaws in several popular software systems.
- Earth Estries exhibits a complex operational structure with region-specific attack strategies.