'Earth Estries' Cyberespionage Group Targets Government, Tech Sectors
The Earth Estries cyberespionage group, possibly linked to China, has targeted government and technology organizations in the US, Germany, South Africa, Malaysia, the Philippines, and Taiwan since 2020. The group's tactics, techniques, and procedures (TTPs) overlap with those of the APT named FamousSparrow, which may be connected to China-linked threat actors SparklingGoblin and DRBControl. Earth Estries compromises admin accounts after hacking the targeted organization's internal servers, then moves laterally and deploys backdoors and other tools before collecting and exfiltrating valuable data. The group uses the HemiGate and Zingdoor backdoors and the TrillClient information stealer.

Malware: Zingdoor, TrillClient, HemiGate, PlugX

[View Article](https://www.securityweek.com/earth-estries-cyberespionage-group-targets-government-tech-sectors/)