The China-linked hacker group Earth Estries is, like, totally sneaky: it has been caught using a new backdoor, GHOSTSPIDER, against Southeast Asian telecom companies. The cybersecurity peeps at Trend Micro describe it as a pretty nasty, persistent APT that won't quit.
They've also used a thing called MASOL RAT on Linux machines inside Southeast Asian government networks. It's a remote access trojan, basically a digital bug that lets them control the systems from afar.
These dudes have apparently hacked over 20 different organizations in telecom, tech, consulting, chemicals, transportation, government agencies, and NGOs (the groups that want to make the world a better place). They've been playing hide and seek on the internet since 2020 and have been spotted in the US, Asia, the Middle East, and South Africa.
The Washington Post said they've gotten into more than a dozen phone companies just in the US, which is pretty wild. The government had to tell 150 people or groups that they'd been hacked, and we're guessing they weren't too happy about it.
This Earth Estries crew has a bunch of cool-sounding tools like Demodex (sounds like a bug you don't want in your hair) and Deed RAT. They use these to sneak into computers and grab all the juicy info.
They start their sneak attacks by exploiting known N-day security holes in big tech products: Ivanti Connect Secure (CVE-2023-46805 and CVE-2024-21887), Fortinet FortiClient EMS (CVE-2023-48788), Sophos Firewall (CVE-2022-3236), and Microsoft Exchange Server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, aka ProxyLogon). None of these are zero-days; fixes already exist for every one of them. Once they're in, they set up their custom backdoor GHOSTSPIDER and just watch and wait.
The researchers at Trend Micro think that Earth Estries has like, different teams for different jobs and that they're really good at hiding their tracks. It's like they're playing an elaborate game of hide and seek across the internet.
These hackers are super sneaky: they break in at the network edge (the internet-facing boxes) and slide into the cloud, where it's hard to spot them. They use all sorts of tricks to stay hidden while poking around for sensitive info.
Phone companies are the favorite target of China's hacker squads like Granite Typhoon and Liminal Panda. They're the internet's ninjas, always trying to get into the systems of the big companies that keep us talking to each other and surfing the web.
So, basically, these hackers are the schoolyard bullies of the internet, always looking for a new target to push around and steal lunch money from, except they're after super important info instead. And the good guys at CrowdStrike say China's cyber skills are getting better, so it's like they've gone from copying answers off one kid's test to hacking the whole school's network. Watch your back, internet users!