Earth Naga

Also known as: Earth Naga

Earth Naga is an APT group that has persistently targeted high-value organizations, including government agencies, telecommunications, and military-related manufacturers, primarily in Taiwan and the broader APAC region. They have been linked to the use of Draculoader and ShadowPad C&C infrastructure, demonstrating sophisticated TTPs such as establishing SSH connections through compromised mail servers. Earth Naga has collaborated with Earth Estries, sharing access to facilitate continued exploitation, complicating detection and attribution efforts. Their operations reflect a growing interest in global intelligence collection, extending to NATO member countries and Latin America.

🌍 Country China

Introduction

Earth Naga is an APT group that has persistently targeted high-value organizations, including government agencies, telecommunications, and military-related manufacturers, primarily in Taiwan and the broader APAC region. They have been linked to the use of Draculoader and ShadowPad C&C infrastructure, demonstrating sophisticated TTPs such as establishing SSH connections through compromised mail servers. Earth Naga has collaborated with Earth Estries, sharing access to facilitate continued exploitation, complicating detection and attribution efforts. Their operations reflect a growing interest in global intelligence collection, extending to NATO member countries and Latin America.

Activities and Tactics

Country of Origin: 🇨🇳 China

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Xploit:

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.