Earth Ammit Disrupted Drone Supply Chains through ERP in VENOM and TIDRONE Campaigns

Earth Ammit’s Cyber Espionage Campaigns Targeting Drone Supply Chains in Taiwan and South Korea

Cyber Espionage: Earth Ammit Targets Taiwan and South Korea

A sophisticated cyber espionage group, known as Earth Ammit, has been linked to two extensive hacking campaigns affecting key sectors in Taiwan and South Korea. According to cybersecurity firm Trend Micro, these campaigns are aimed at military, technology, media, and healthcare organizations, marking a significant threat to national security.

The first campaign, dubbed VENOM, focuses on software service providers as entry points to infiltrate critical infrastructure. Researchers Pierre Lee, Vickie Su, and Philip Chen revealed that Earth Ammit’s goal is to exploit vulnerabilities in the drone supply chain, aiming to access trusted networks and amplify their reach downstream. "This approach allows for broader targeting of high-value entities," they noted.

The TIDRONE campaign, the second wave of attacks, specifically targets the military sector, employing custom malware to breach drone manufacturers in Taiwan. The malware, identified as CXCLNT and its successor CLNTEND, is engineered to deliver malicious payloads while making use of legitimate software such as enterprise resource planning (ERP) systems.

Researchers also highlight an alarming trend in these attacks: Earth Ammit's use of trusted communication channels, including remote monitoring tools, to execute their plans. This tactic not only complicates detection but also underscores the evolution of cyber threats.

The interconnected nature of the two campaigns is apparent, with shared command-and-control infrastructure linking them to a single threat actor, potentially affiliated with China. Trend Micro indicates that tactics used by Earth Ammit closely resemble those of another Chinese hacking group, further complicating attribution efforts.

As these espionage activities threaten vital industries, experts stress the importance of enhanced cybersecurity measures and awareness to combat the rising tide of cyber warfare.
