Researchers uncovers malware toolset used by APT group Earth Aughisky

Trend Micro researchers have uncovered the malware toolset of the Chinese cyber espionage group Earth Aughisky, known for compromising legitimate accounts, software, applications and other weaknesses in network design and infrastructure.

The gang uses spear phishing as an entry-level method, using several tools, including a remote access trojan named Taidoor (aka Roudan) to deploy next-stage backdoors.

Some other backdoors that Earth Aughisky has used over the years are: SiyBot, a basic backdoor that uses public services like Gubb and 30 Boxes for command-and-control (C2); TWTRAT, which abuses Twitter’s direct messaging feature for C2; and DropNetClient (aka Buxzop), which uses the Dropbox API for C2.

The gang has been linked to several families of malware, including GrubbyRAT, K4RAT, LuckDLL, Serkdes, Taikite and Taleret, as part of their efforts to evade detection.

The ransomware gang primarily targets organizations in Taiwan, but the investigation confirmed an expansion into Japan. Among the most frequently attacked industries are government, telecommunications, manufacturing, heavy industry, technology, transportation and healthcare.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web