China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Summary: A new China-linked cyber threat actor, Earth Alux, has emerged, targeting sectors such as government, technology, and telecommunications in the APAC and LATAM regions. This group utilizes sophisticated methods and a diverse toolkit, including the VARGEIT and COBEACON backdoors, to exploit vulnerabilities and maintain long-term access to compromised systems. Researchers highlight the complexity and evolving nature of their tactics, emphasizing their focus on stealth and evasion of security measures.

Affected: Government, Technology, Logistics, Manufacturing, Telecommunications, IT Services, Retail sectors in the APAC and LATAM regions

Key points:

  • First detected in Q2 2023, initially targeting the APAC region with subsequent activity noted in LATAM by mid-2024.
  • The group exploits internet-facing vulnerabilities to deploy malware, including VARGEIT and COBEACON, for reconnaissance and data exfiltration.
  • Uses techniques such as DLL side-loading and anti-API-hooking to evade detection and maintain persistence within compromised environments.

Source: https://thehackernews.com/2025/04/china-linked-earth-alux-uses-vargeit.html