Trend Micro researchers uncovered a sophisticated campaign conducted by a threat actor tracked as Earth Krahang while investigating the activity of China-linked APT Earth Lusca.
The campaign seems active since at least early 2022 and focuses primarily on government organizations.
The APT group was spotted exploiting public-facing servers, it was observed sending spear phishing emails to deliver previously undetected backdoors.