Bridging individuals with technology thru innovative solutions & delivery of excellence in  service.

Southeast Asia targeted by Earth Kurma APT attacks

April 29, 2025



Newly emergent advanced persistent threat operation Earth Kurma has deployed rootkits and cloud-based data exfiltration tools against government and telecommunications organizations in Malaysia, Thailand, Vietnam, and the Philippines as part of a hacking campaign that commenced in June, according to The Hacker News.

Earth Kurma has been using its initial access to targeted networks to distribute the NBTSCAN, FRPC, Ladon, WMIHACKER, and ICMPinger tools for scanning and lateral movement, as well as the KMLOG keylogger for credential gathering, before delivering the DMLOADER, DUNLOADER, and TESDAT loaders, a report from Trend Micro showed.

Aside from enabling the deployment of Cobalt Strike beacons, such loaders also allowed injection of the Moriya and KRNRAT rootkits, as well as the SIMPOBOXSPY and ODRIX tools that uploaded stolen data as RAR archives to Dropbox and OneDrive, respectively.

Researchers emphasized the highly adaptive nature of Earth Kurma hackers, who could leverage previously used code bases, as well as victims’ infrastructure, in their attacks.


