Summary

> - Earth Estries, a Chinese APT group, has primarily targeted critical sectors like telecommunications and government entities across the US, Asia-Pacific, Middle East, and South Africa since 2023. > - The group employs advanced attack techniques and multiple backdoors, such as GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, affecting several Southeast Asian telecommunications companies and government entities. > - Earth Estries exploits public-facing server vulnerabilities to establish initial access and uses living-off-the-land binaries for lateral movement within networks to deploy malware and conduct long-term espionage. > - The group has compromised over 20 organizations, targeting various sectors including telecommunications, technology, consulting, chemical, and transportation industries, as well as government agencies and NGOs in numerous countries. > - Earth Estries uses a complex C&C infrastructure managed by different teams, and their operations often overlap with TTPs of other known Chinese APT groups, indicating possible use of shared tools from malware-as-a-service providers.