Today > | 7 High | 23 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024

Nov. 27, 2024, 7:02 p.m.

Description

A spear-phishing campaign targeting Japan since June 2024 has been identified, featuring the reemergence of the ANEL backdoor, previously used by APT10 until 2018. The campaign, attributed to Earth Kasha, targets individuals in political organizations, research institutions, and international relations-related entities. The attack utilizes various infection methods, including macro-enabled documents and shortcut files. The malware suite includes ROAMINGMOUSE, ANELLDR, and updated versions of ANEL. Post-exploitation activities involve information gathering and, in some cases, deployment of the more advanced NOOPDOOR backdoor. This campaign marks a shift in Earth Kasha's tactics, moving from exploiting vulnerabilities in edge devices to targeting individuals through spear-phishing.

Date

Published: Nov. 27, 2024, 6:31 p.m.

Created: Nov. 27, 2024, 6:31 p.m.

Modified: Nov. 27, 2024, 7:02 p.m.

Indicators

Trojan_ANELLDR_type1

208.85.18.4

139.84.131.62

139.84.136.105

45.77.252.85

45.32.116.146

Attack Patterns

ANELLDR

ROAMINGMOUSE

ANEL

UPPERCUT - S0275

NOOPDOOR

Earth Kasha

T1027.004

T1548.002

T1027.002

T1059.003

T1059.001

T1566.002

T1204.002

T1106

T1055

T1134

T1140

T1027

T1072

Additional Informations

Technology

Government

Japan