Earth Baxia Exploits GeoServer to Launch APAC Spear-Phishing Attacks

 

An analysis by Trend Micro indicates that the cyber espionage group Earth Baxia has been attempting to target government agencies in Taiwan, and potentially other countries in the Asia-Pacific (APAC) region, through spear-phishing campaigns and exploitation of a critical GeoServer vulnerability tracked as CVE-2024-36401.
The activity is part of an ongoing campaign intended to infiltrate key sectors, including telecommunications, energy, and government.

GeoServer, an open-source platform for sharing geospatial data, is affected by the vulnerability tracked as CVE-2024-36401, which may allow attackers to execute code remotely.

By exploiting this vulnerability, Earth Baxia could bring malicious components, including customized Cobalt Strike beacons and other payloads, directly into the victim's environment using tools such as “curl” and “scp”.

By deploying these payloads, the attackers were able to execute arbitrary commands on compromised systems, which gave them a foothold within those environments.

The Earth Baxia threat actor used a wide range of technologies to break into several countries in the Asia-Pacific region, targeting government organizations, telecommunications companies, and the energ

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents