
Threat Group Cards: A Threat Actor Encyclopedia

APT group: Earth Wendigo

Names: Earth Wendigo (Trend Micro)
Country: China
Motivation: Information theft and espionage
First seen: 2019
Description: (Trend Micro) We discovered a new campaign that has been targeting several organizations — including government organizations, research institutions and universities in Taiwan — since May 2019, aiming to exfiltrate emails from targeted organizations via the injection of JavaScript backdoors to a webmail system that is widely-used in Taiwan. With no clear connection to any previous attack group, we gave this new threat actor the name “Earth Wendigo.”

Additional investigation shows that the threat actor also sent spear-phishing emails embedded with malicious links to multiple individuals, including politicians and activists, who support movements in Tibet, the Uyghur region, or Hong Kong. However, this is a separate series of attacks from their operation in Taiwan, which this report covers.
Observed:
Sectors: Education, Government and politicians and activists, who support movements in Tibet, the Uyghur region, or Hong Kong.
Countries: Taiwan.
Tools used: Cobalt Strike.
Information: <https://www.trendmicro.com/en_us/research/21/a/earth-wendigo-injects-javascript-backdoor-to-service-worker-for-.html>

Last change to this card: 06 January 2021


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
