Earth Alux is a China-linked APT group known for conducting cyberespionage attacks across various sectors, including government, technology, and telecommunications. They primarily exploit vulnerable services in exposed servers to gain initial access, implanting web shells like GODZILLA and deploying backdoors such as VARGEIT and COBEACON. The group employs tools like RSBINJECT and MASQLOADER for lateral movement and network discovery, while also utilizing RAILSETTER for persistence through mspaint injection. Their operations have predominantly targeted the APAC region and have extended to Latin America, with a focus on exfiltrating sensitive information to attacker-controlled cloud storage.
There are currently no families associated with this actor.
2025-03-31 · Trend Micro · The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques
Tags: Godzilla Webshell, Cobalt Strike, RAILSETTER, Earth Alux