Earth Kurma’s Sneaky Cyber Siege on Southeast Asia: Rootkits, Cloud Theft, and Espionage Galore! 🕵️♂️💾
Imagine a group of cyber ninjas 🥷 slipping through the digital shadows, targeting government and telecom sectors with tools so slick they’d make James Bond jealous. That’s Earth Kurma for you — a newly uncovered Advanced Persistent Threat (APT) group wreaking havoc in Southeast Asia since at least November 2020. Their mission? Cyberespionage, data theft, and leaving no trace behind using rootkits and cloud-based trickery. Let’s dive into this high-tech heist, unpack the technical wizardry, and see how they’re pulling it off! 🚨
Who Is Earth Kurma? 🤔
Earth Kurma is the name given by Trend Micro researchers to a sophisticated APT group primarily targeting government agencies and telecommunications organizations in Southeast Asia, including the Philippines 🇵🇭, Vietnam 🇻🇳, Thailand 🇹🇭, and Malaysia 🇲🇾. Their goal isn’t just to snoop around — they’re after data exfiltration on a grand scale, using trusted cloud platforms like Dropbox and OneDrive to smuggle out sensitive info. Since June 2024, their latest wave of attacks has been particularly bold, leveraging custom malware, kernel-level rootkits, and legitimate tools to stay under the radar.