Earth Kurma

Description

(Trend Micro) Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques.

This campaign poses a high business risk due to targeted espionage, credential theft, persistent foothold established through kernel-level rootkits, and data exfiltration via trusted cloud platforms.

Organizations primarily in government and telecommunications sectors in Southeast Asia (particularly the Philippines, Vietnam, Thailand, and Malaysia) are affected. Organizations face potential compromise of sensitive government and telecommunications data, with attackers maintaining prolonged, undetected access to their networks.

May be related to Operation TunnelSnake or ToddyCat.

Names

Name | Name-Giver
Earth Kurma | Trend Micro

Country

Motivation

  • Information theft and espionage

First Seen

2020

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

2a7be61b-1aab-49b6-a853-40174fa5838f

Last Card Change

2025-06-27