Hacking Group Earth Estries Targets Global Industries In Espionage Campaigns

Image by Diana den Held, from Unsplash


  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Earth Estries, a Chinese hacking group, targets global industries with advanced malware, exploiting vulnerabilities and conducting long-term espionage across critical sectors.

In a Rush? Here are the Quick Facts!

  • Earth Estries targets industries in the U.S., Asia-Pacific, Middle East, and Africa.
  • They exploit server vulnerabilities and use advanced malware like GHOSTSPIDER and SNAPPYBEE.
  • They focus on long-term espionage, infiltrating vendor networks to access larger targets.

Salt Typhoon recently gained attention for a China-linked espionage campaign compromising U.S. telecom giants like Verizon, AT&T, Lumen Technologies, and T-Mobile, as noted in The Record. The attackers reportedly accessed customer call data, focusing on individuals linked to government or political activities.

On Monday, cybersecurity firm Trend Micro reported another campaign linked to Earth Estries, their term for Salt Typhoon, targeting Southeast Asian telecoms with a new backdoor tool called GhostSpider.

The Chinese cyber-espionage group, Earth Estries, has been targeting critical industries globally, including telecommunications and government sectors, since 2023.

The group has infiltrated over 20 organizations across the U.S., Asia-Pacific, the Middle East, and South Africa, employing advanced techniques to conduct long-term spying operations. Victims also include companies in technology, consulting, chemical, and transportation industries, as well as non-profits and government agencies.

Earth Estries exploits vulnerabilities in public-facing servers to gain initial access, using legitimate system tools, known as “living-off-the-land binaries,” to move undetected within networks.

Once inside, the group deploys custom malware like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT to establish control and extract sensitive information.

Recent attacks have revealed that GHOSTSPIDER, a modular backdoor, is designed to load different tools for specific tasks, enabling the group to adapt its tactics while evading detection. The group’s operations show a high level of coordination, with different teams managing specific aspects of their campaigns.

Overlaps in their tactics, techniques, and procedures with other Chinese hacking groups suggest shared tools, possibly through underground marketplaces offering malware as a service.

Investigations into Earth Estries have highlighted their focus on telecommunications and government networks, often targeting vendor systems to gain indirect access to their primary objectives.

In one case, they used the DEMODEX rootkit to compromise machines belonging to a major telecommunications contractor, allowing them to expand their reach undetected.

Analysts note that Earth Estries’ operations extend from edge devices to cloud systems, making them particularly difficult to identify and mitigate.

Their techniques include exploiting server vulnerabilities and deploying sophisticated tools to maintain persistence within their targets’ networks. Experts warn that Earth Estries’ activities demonstrate the growing complexity of cyber-espionage campaigns.

Organizations are urged to strengthen their cybersecurity defenses by addressing known vulnerabilities, monitoring network activity, and deploying advanced threat detection systems to detect and block attacks early in the process.

Trend Micro emphasizes the need for proactive measures as Earth Estries continues to evolve its strategies, posing a serious threat to global industries and governments alike.

Zoom Rebrands As An AI-First Work Platform

Photo by Iyus sugiharto on Unsplash


  • Written by Andrea Miliani Former Tech News Expert

Zoom announced yesterday that it is changing its company name from Zoom Video Communications Inc. to Zoom Communications Inc., and rebranded its business as an “AI-first company.”

In a Rush? Here are the Quick Facts!

  • Zoom Video Communications Inc. changed its name to Zoom Communications Inc.
  • The business was rebranded as an AI-first company, jumping into a new era where video isn’t its first focus.
  • Zoom AI Companion is now the main feature and the company is focusing on expanding AI capabilities.

“Zoom is now about so much more than video meetings,” wrote Eric S. Yuan, the company’s CEO and founder, in a public statement. “We are an AI-first company delivering modern, hybrid work solutions that enable you to collaborate seamlessly.”

As part of the company’s strategy to stay on top of new technologies and innovative trends, it has adopted AI as a “must-have” technology to integrate into its platform and with its customers. The company has been defined as an “AI-first company” with Zoom AI Companion, its AI assistant, as its leading product.

Yuan also explained what it means to them to be an AI-first company: “Taking a federated approach to building AI-centric tools and products that enable you to work happier, smarter, and faster.”

The company’s CEO added that the current AI tools in Zoom Workplace are helping users focus more, summarize meetings, and perform other tasks to reduce workload, but that the company expects, in the future, to expand its AI capabilities towards more free time for workers.

Zoom has launched multiple AI features to compete in the AI market. In August, the company launched Zoom Docs, an AI-powered document editor for Pro accounts to turn Zoom Meetings into documents. Last month, Zoom released AI Companion 2.0, an upgraded version of its chatbot to help users finish tasks and stay organized.