Earth Ammit’s Cyber Espionage Campaigns Targeting Drone Supply Chains in Taiwan and South Korea
Cyber Espionage: Earth Ammit Targets Taiwan and South Korea
A sophisticated cyber espionage group, known as Earth Ammit, has been linked to two extensive hacking campaigns affecting key sectors in Taiwan and South Korea. According to cybersecurity firm Trend Micro, these campaigns are aimed at military, technology, media, and healthcare organizations, marking a significant threat to national security.
The first campaign, dubbed VENOM, focuses on software service providers as entry points to infiltrate critical infrastructure. Researchers Pierre Lee, Vickie Su, and Philip Chen revealed that Earth Ammit’s goal is to exploit vulnerabilities in the drone supply chain in order to access trusted networks and amplify its reach downstream. "This approach allows for broader targeting of high-value entities," they noted.
The TIDRONE campaign, the second wave of attacks, specifically targets the military sector, employing custom malware to breach drone manufacturers in Taiwan. This malware, CXCLNT and its successor CLNTEND, is engineered to deliver malicious payloads while making use of legitimate software such as enterprise resource planning (ERP) systems.
Researchers also highlight an alarming trend in these attacks—Earth Ammit’s use of trusted communication channels, including remote monitoring tools, to execute their plans. This tactic not only complicates detection but also underscores the evolution of cyber threats.
The interconnected nature of the two campaigns is apparent, with shared command-and-control infrastructure linking them to a single threat actor, potentially affiliated with China. Trend Micro indicates that tactics used by Earth Ammit closely resemble those of another Chinese hacking group, further complicating attribution efforts.
As these espionage activities threaten vital industries, experts stress the importance of enhanced cybersecurity measures and awareness to combat the rising tide of cyber warfare.