Earth Alux Hackers Deploy VARGEIT Malware to Attack Organizations


Recent cyberattacks by the APT group Earth Alux have exposed the use of advanced malware, including the VARGEIT backdoor, to breach critical industries. Active since 2023, the China-linked group has targeted organizations in the Asia-Pacific and Latin America, focusing on government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors.

VARGEIT Malware

Earth Alux relies on VARGEIT, a multi-stage backdoor designed for long-term persistence in infected systems. It is often used with COBEACON and deployed through techniques like DLL sideloading and timestomping.

These methods help the group evade detection while gathering data, conducting reconnaissance, and stealing information.

Earth Alux

VARGEIT is a modular backdoor with advanced capabilities, allowing attackers to run commands, gather system data, and inject tools into processes like mspaint.exe for stealthy, fileless operations. It communicates via HTTP, reverse TCP/UDP, and Microsoft Outlook’s Graph API, helping Earth Alux maintain control while staying hidden.

The attack begins by exploiting server vulnerabilities to deploy web shells like GODZILLA. From there, the group installs backdoors like COBEACON or VARGEIT using debugger scripts or encrypted payloads. Later stages involve tools like RAILLOAD for loading encrypted configurations and RAILSETTER for persistence through timestomping and scheduled tasks.
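As an added example (not code from this article or from the original threat report), the following Python sketch turns the behaviour described above into a detection check: it scans constructed Sysmon-style events for a remote thread created inside mspaint.exe and for mspaint.exe itself initiating an outbound connection, which a benign paint process has no reason to do. Field names follow Sysmon's Event ID 3 and 8 schema; the events, file paths and addresses are constructed for the example.

```python
"""Detection sketch for VARGEIT-style use of mspaint.exe as an injection host.

Event IDs follow Sysmon: 8 = CreateRemoteThread, 3 = NetworkConnect.
All events below are constructed sample telemetry, not captured data.
"""
from dataclasses import dataclass
from typing import List, Optional

# Processes that should never be injected into or talk to the network.
# mspaint.exe is the host the article names for VARGEIT's injected tools.
NO_NETWORK_EXPECTED = {"mspaint.exe"}


@dataclass
class Event:
    event_id: int
    fields: dict


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_event(ev: Event) -> Optional[str]:
    """Return an alert string if the event matches a VARGEIT-style behaviour."""
    f = ev.fields
    if ev.event_id == 8 and basename(f["TargetImage"]) in NO_NETWORK_EXPECTED:
        return f"remote thread from {basename(f['SourceImage'])} into {basename(f['TargetImage'])}"
    if ev.event_id == 3 and basename(f["Image"]) in NO_NETWORK_EXPECTED and f.get("Initiated") == "true":
        return (f"{basename(f['Image'])} initiated {f['Protocol']} connection to "
                f"{f['DestinationIp']}:{f['DestinationPort']}")
    return None


def scan(events: List[Event]) -> List[str]:
    """Run every event through check_event and keep the alerts."""
    return [a for a in (check_event(e) for e in events) if a]


SAMPLE_EVENTS = [  # constructed; addresses are from documentation ranges
    Event(3, {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "Initiated": "true",
              "Protocol": "tcp", "DestinationIp": "203.0.113.10", "DestinationPort": "443"}),
    Event(8, {"SourceImage": r"C:\Windows\Temp\loader.exe",
              "TargetImage": r"C:\Windows\System32\mspaint.exe"}),
    Event(3, {"Image": r"C:\Windows\System32\mspaint.exe", "Initiated": "true",
              "Protocol": "tcp", "DestinationIp": "198.51.100.7", "DestinationPort": "8080"}),
    Event(3, {"Image": r"C:\Windows\System32\mspaint.exe", "Initiated": "false",  # inbound, not flagged
              "Protocol": "udp", "DestinationIp": "192.0.2.1", "DestinationPort": "53"}),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

The same two rules apply to any other signed Windows binary an EDR baseline shows as never network-active; mspaint.exe is just the host this campaign chose.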

Initially targeting APAC nations like Thailand, the Philippines, Malaysia, and Taiwan in 2023, Earth Alux has now extended its operations to Latin America by mid-2024. The group’s focus on high-value industries highlights its intent to steal sensitive data, disrupt operations, and cause financial harm to targeted organizations.

How Organizations Can Defend Against Earth Alux

  • Keep Systems Updated – Regularly patch vulnerabilities that could be exploited for initial access.
  • Monitor for Anomalies – Watch for unusual network activity or system slowdowns that may indicate an attack.
  • Enhance Security Posture – Deploy advanced security solutions with endpoint detection and response (EDR) capabilities to detect and stop threats in real time.

As Earth Alux continues refining its tactics, organizations must remain proactive. Strengthening cybersecurity defenses and staying informed on emerging threats is key to preventing costly breaches.


About the Author:

FirstHackersNews- Identifies Security
