{"id":56791,"date":"2024-08-09T00:00:00","date_gmt":"2024-08-09T00:00:00","guid":{"rendered":"urn:uuid:faeef7e7-494f-db01-c84f-cc6ff9c9f895"},"modified":"2024-08-09T00:00:00","modified_gmt":"2024-08-09T00:00:00","slug":"a-dive-into-earth-bakus-latest-campaign","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/a-dive-into-earth-bakus-latest-campaign\/","title":{"rendered":"A Dive into Earth Baku\u2019s Latest Campaign"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/earth-baku-cover:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/24\/earth-baku-cover.png\" class=\"ff-og-image-inserted\"><\/div>\n<h2><span class=\"body-subhead-title\"><\/span><\/h2>\n<p>StealthReacher (aka <a href=\"https:\/\/www.zscaler.com\/blogs\/security-research\/dodgebox-deep-dive-updated-arsenal-apt41-part-1\">DodgeBox<\/a>) can be considered an enhanced variant of StealthVector, featuring code obfuscation techniques such as <i>FNV1-a<\/i> and other defense evasion mechanisms. Compared to the older StealthVector, it uses AES algorithms for encryption and MD5 hashing for <i>checksum<\/i>. Based on our observations, StealthReacher is the specified loader to launch the new modular backdoor, SneakCross.<\/p>\n<p>It\u2019s worth noting that both StealthVector and StealthReacher will perform re-encryption after the first initiation via XOR encryption, with the key being the victim\u2019s computer name. From a digital forensics perspective, this makes it challenging to decrypt and analyze the collected payload even though all the components (loader and payload) were collected at the same time.<\/p>\n<h3><span class=\"body-subhead-title\"><\/span><\/h3>\n<p>SneakCross is a new modular backdoor that uses Google services for its command-and-control (C&amp;C) communication. 
It employs Windows Fibers to evade detection from network protection products and EDR solutions. We believe it to be the successor to their previous modular backdoor, ScrambleCross, which was mentioned in our <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign.html\">previous report<\/a>. The modular design allows attackers to easily update its capabilities, modify its behavior, and customize functionality for different scenarios.<\/p>\n<p>In <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/apt41-arisen-from-dust\">Google Cloud\u2019s report<\/a>, they mentioned that they successfully found at least 15 plugins that support various backdoor functions including:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Shell Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">File System Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Process Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Network Probing<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Network Store Interface Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Screen Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">System Information Discovery<\/span><\/li>\n<li><span class=\"rte-red-bullet\">File Manipulation Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Keylogger<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Active Directory Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">File Uploader<\/span><\/li>\n<li><span class=\"rte-red-bullet\">RDP<\/span><\/li>\n<li><span class=\"rte-red-bullet\">DNS Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">DNS Cache Operations<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Registry Operations<\/span><\/li>\n<\/ul>\n<h2><span class=\"body-subhead-title\">Post-Exploitation routine<\/span><\/h2>\n<p>During the post-exploitation stage, Earth Baku will deploy various tools on the 
victim\u2019s environment for persistence, privilege escalation, discovery, and exfiltration. In this section, we\u2019ll examine the most noteworthy of these tools.<\/p>\n<h3><span class=\"body-subhead-title\">Persistence: reverse-tunnel<\/span><\/h3>\n<p>We found the threat actors attempting to build reverse tunnels with the following tools to maintain persistent control of compromised machines:<\/p>\n<p><b>Customized iox tool<\/b><\/p>\n<p>The perpetrators built their own <i><a href=\"https:\/\/github.com\/EddieIvan01\/iox\">iox tunneling tool<\/a><\/i> based on its public source code. Changes include simplified required arguments (local IP\/Port) and an additional special argument <i>-ggg<\/i>. The tool works properly only when it is launched with this special argument.<\/p>\n<p><b>Rakshasa<\/b><\/p>\n<p><a href=\"https:\/\/github.com\/Mob2003\/rakshasa\">Rakshasa<\/a> is a powerful proxy tool written in Go, designed specifically for multi-level proxying and internal network penetration.<\/p>\n<p><b>Tailscale<\/b><\/p>\n<p>Tailscale is a Virtual Private Network (VPN) service created to enable secure connectivity between devices within a unified virtual network. Recently, we have identified threat actors attempting to incorporate compromised systems into their virtual networks using the Tailscale platform. Additionally, these threat actors have been using legitimate Tailscale servers as intermediaries, significantly complicating the process of tracing the origins of their activities.<\/p>\n<h3><span class=\"body-subhead-title\">Exfiltration<\/span><\/h3>\n<p>Within the victim\u2019s environment, we found many MEGAcmd tools dropped onto infected machines. 
MEGAcmd is a command-line tool used for interacting with the MEGA cloud storage service. We infer that the threat actors attempted to use this tool for exfiltrating stolen data to MEGA, hoping to capitalize on its ability to efficiently upload large volumes of data. This procedure was also observed with an associated group, <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques\/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf\">Earth Lusca<\/a>.<\/p>\n<h2><span class=\"body-subhead-title\">Conclusion<\/span><\/h2>\n<p>Earth Baku has significantly expanded its reach from the Indo-Pacific to Europe and the Middle East and Africa (MEA) since late 2022. Their recent operations showcase advanced techniques, including the use of public-facing applications like IIS servers for initial access and the deployment of the Godzilla webshell for control. The group has employed new loaders such as StealthVector and StealthReacher to stealthily launch backdoor components, and added SneakCross as their latest modular backdoor. Earth Baku also used several tools during post-exploitation, including a customized iox tool, Rakshasa, and Tailscale for persistence, and MEGAcmd for efficient data exfiltration. 
These developments underscore Earth Baku\u2019s evolving and increasingly sophisticated threat profile, which can potentially pose significant challenges for cybersecurity defenses.<\/p>\n<p>To defend against cyberespionage tactics and minimize the risk of compromise, both individual users and organizations should implement the following best practices:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><b>Implementing the principle of least privilege:<\/b> Restricting access to sensitive data and closely monitoring user permissions makes it more challenging for attackers to move laterally within a corporate network.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Addressing security gaps:<\/b> Regularly updating systems and applications and enforcing strict patch management policies allows organizations to address security gaps within their systems. Furthermore, employing virtual patching can help secure legacy systems for which patches are unavailable.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Developing a proactive incident response strategy:<\/b> Deploying defensive measures designed to identify and mitigate threats in the event of a breach and conducting regular security drills improve the effectiveness of an organization\u2019s incident response plan.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Adopting the 3-2-1 backup rule:<\/b> Maintaining at least three copies of corporate data in two different formats, with one air-gapped copy stored off-site, ensures that data remains intact even in the event of a successful attack. 
Regularly updating and testing these backups helps ensure the integrity of the data.<\/span><\/li>\n<\/ul>\n<p>Organizations looking to defend themselves from sophisticated attacks can consider powerful security technologies such as <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response.html\">Trend Vision One\u2122<\/a>, which allows security teams to continuously identify attack surfaces, including both known and unknown, plus managed and unmanaged cyber assets.<\/p>\n<p>It assists organizations in prioritizing and addressing potential risks and vulnerabilities by evaluating critical factors, such as the likelihood and impact of possible attacks, providing a comprehensive set of prevention, detection, and response capabilities, all supported by advanced threat research, intelligence, and AI. Vision One enhances an organization&#8217;s overall security posture and effectiveness, offering robust protection against all types of attacks.<\/p>\n<p>The indicators of compromise for this entry can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/24\/h\/earth-baku\/ioc-a-dive-into-earth-baku-latest-campaign.txt\">here<\/a>.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/24\/h\/earth-baku-latest-campaign.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56792,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9513,9509],"class_list":["post-56791","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-malware","tag-trend-micro-research-research"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56791"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56791\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56792"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}