Summary: A new cyber espionage group called Earth Estries, connected to FamousSparrow, has been targeting government and technology organizations since 2020. The group uses various hacking tools and backdoors, such as Zingdoor and TrillClient, to gain access. It employs PowerShell downgrade attacks and uses remote control tools like Cobalt Strike. The group archives data in PDF and DDF files and uploads them to platforms like AnonFiles and File.io. It uses new malware for each operation and hides its IP addresses using Fastly CDN services. The group targets organizations in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US.
Hashtags: #EarthEstries #CyberEspionage #Hacking #Malware #DataBreach #CyberSecurity