Earth Kurma
Description
(Trend Micro) Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques.
This campaign poses a high business risk due to targeted espionage, credential theft, a persistent foothold established through kernel-level rootkits, and data exfiltration via trusted cloud platforms.
Organizations primarily in the government and telecommunications sectors in Southeast Asia (particularly the Philippines, Vietnam, Thailand, and Malaysia) are affected. Organizations face potential compromise of sensitive government and telecommunications data, with attackers maintaining prolonged, undetected access to their networks.
May be related to Operation TunnelSnake or ToddyCat.
Names
Name | Name-Giver |
---|---|
Earth Kurma | Trend Micro |
Country
Motivation
- Information theft and espionage
First Seen
2020
Observed Sectors
Observed Countries
Tools
Information
Other Information
UUID
2a7be61b-1aab-49b6-a853-40174fa5838f
Last Card Change
2025-06-27