Custom Arsenal Developed to Target Multiple Industries
Earth Lamia, an APT threat actor, has been targeting organizations in Brazil, India, and Southeast Asia since 2023. The group exploits web application vulnerabilities, particularly SQL injection, to gain access to targeted systems. They have developed custom tools like PULSEPACK backdoor and BypassBoss for privilege escalation. Earth Lamia's targets have shifted over time, initially focusing on financial services, then logistics and online retail, and recently IT companies, universities, and government organizations. The group employs various techniques including DLL sideloading, use of legitimate binaries, and development of modular backdoors. Earth Lamia's activities have been linked to other reported campaigns, suggesting a complex and evolving threat landscape.
Pulse ID: 68359559953d95d9c98f6268
Pulse Link: https://otx.alienvault.com/pulse/68359559953d95d9c98f6268
Pulse Author: AlienVault
Created: 2025-05-27 10:35:05
Be advised, this data is unverified and should be considered preliminary. Always do further verification.