SYMBOL | COMMON_NAME | aka. SYNONYMS |
Earth Wendigo is a threat actor from China that has been targeting several organizations — including government organizations, research institutions, and universities in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely used in Taiwan. The threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians and activists, who support movements in Tibet, the Uyghur region, or Hong Kong.
There are currently no families associated with this actor.
2021-01-05
⋅
Trend Micro
⋅
Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration Cobalt Strike Earth Wendigo |