Earth Yako  (Back to overview)

aka: Enelink, Operation RestyLink

Earth Yako is a threat actor that has been actively targeting researchers in academic organizations and think tanks in Japan. They use spearphishing emails with malicious attachments to gain initial access to their targets' systems. Earth Yako's objectives and patterns suggest a possible connection to a Chinese APT group, but conclusive proof of their nationality is lacking. They have been observed using various malware delivery methods and techniques, such as the use of Winword.exe for DLL Hijacking.

Associated Families

There are currently no families associated with this actor.

2023-02-16Trend MicroHara Hiroaki, Masaoki Shoji, Yuka Higashi
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
MirrorKey TransBox Earth Yako

Credits: MISP Project