Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024
Nov. 27, 2024, 7:02 p.m.
Description
A spear-phishing campaign targeting Japan since June 2024 has been identified, featuring the reemergence of the ANEL backdoor, previously used by APT10 until 2018. The campaign, attributed to Earth Kasha, targets individuals in political organizations, research institutions, and international relations-related entities. The attack utilizes various infection methods, including macro-enabled documents and shortcut files. The malware suite includes ROAMINGMOUSE, ANELLDR, and updated versions of ANEL. Post-exploitation activities involve information gathering and, in some cases, deployment of the more advanced NOOPDOOR backdoor. This campaign marks a shift in Earth Kasha's tactics, moving from exploiting vulnerabilities in edge devices to targeting individuals through spear-phishing.
Date
Published: Nov. 27, 2024, 6:31 p.m.
Created: Nov. 27, 2024, 6:31 p.m.
Modified: Nov. 27, 2024, 7:02 p.m.
Indicators
Trojan_ANELLDR_type1
208.85.18.4
139.84.131.62
139.84.136.105
45.77.252.85
45.32.116.146
Attack Patterns
ANELLDR
ROAMINGMOUSE
ANEL
UPPERCUT - S0275
NOOPDOOR
Earth Kasha
T1027.004
T1548.002
T1027.002
T1059.003
T1059.001
T1566.002
T1204.002
T1106
T1055
T1134
T1140
T1027
T1072
Additional Information
Technology
Government
Japan