Earth Wendigo

Description

(Trend Micro) We discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely used in Taiwan. With no clear connection to any previous attack group, we gave this new threat actor the name “Earth Wendigo.”

Additional investigation shows that the threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians and activists, who support movements in Tibet, the Uyghur region, or Hong Kong. However, this is a separate series of attacks from their operation in Taiwan, which this report covers.

Names

Name | Name-Giver
Earth Wendigo | Trend Micro

Country

Motivation

  • Information theft and espionage

First Seen

2019

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

94bb4827-bba0-4b88-a6de-c7db9e6e8c1d

Last Card Change

2021-01-07