Trend Micro researchers have uncovered the malware toolset of the Chinese cyber espionage group Earth Aughisky, known for compromising legitimate accounts, software, applications and other weaknesses in network design and infrastructure.
The gang uses spear phishing as an entry-level method, using several tools, including a remote access trojan named Taidoor (aka Roudan) to deploy next-stage backdoors.
Some other backdoors that Earth Aughisky has used over the years are: SiyBot, a basic backdoor that uses public services like Gubb and 30 Boxes for command-and-control (C2); TWTRAT, which abuses Twitter’s direct messaging feature for C2; and DropNetClient (aka Buxzop), which uses the Dropbox API for C2.
The gang has been linked to several families of malware, including GrubbyRAT, K4RAT, LuckDLL, Serkdes, Taikite and Taleret, as part of their efforts to evade detection.
The ransomware gang primarily targets organizations in Taiwan, but the investigation confirmed an expansion into Japan. Among the most frequently attacked industries are government, telecommunications, manufacturing, heavy industry, technology, transportation and healthcare.
The sources for this piece include an article in TheHackerNews.