Earth Alux

Description

(Trend Micro) The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors.

The first sighting of its activity was in the second quarter of 2023; back then, it was predominantly observed in the APAC region. Around the middle of 2024, it was also spotted in Latin America.

Earth Alux has also been observed to conduct regular tests for some of its toolsets to ensure stealth and longevity in the target environment.

Names

Name	Name-Giver
Earth Alux	Trend Micro

Country

• China

Motivation

• Information theft and espionage

First Seen

2023

Observed Sectors

• Government
• IT
• Manufacturing
• Retail
• Shipping and Logistics
• Technology
• Telecommunications

Observed Countries

• Brazil
• Malaysia
• Philippines
• Taiwan
• Thailand

Tools

• Cobalt Strike
• Godzilla
• MASQLOADER
• RAILLOAD
• RAILSETTER
• RSBINJECT
• VARGEIT

Information

• https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html

Other Information

Uuid

a56a0330-c9ef-4365-8279-fe082dfc20e3

Last Card Change

2025-04-21