Earth Kurma APT targets Southeast Asian government, telecom sectors in latest cyberespionage campaigns
The advanced persistent threat (APT) group Earth Kurma has been targeting government and telecommunications sectors in Southeast Asian countries since at least 2020. The campaign employs a range of advanced techniques, including custom malware, kernel-level rootkits such as MORIYA and KRNRAT, and trusted cloud services for data exfiltration. Earth Kurma's operations involve lateral movement, credential theft, and persistent access maintained through various tools and loaders. Although its activity shows some similarities with other APT groups, Earth Kurma's distinct tactics and toolsets warrant classifying it separately. The group's activities pose significant risks to critical infrastructure in the region, highlighting the need for enhanced security measures such as strict driver policies, Active Directory controls, and SMB restrictions.