Active since at least 2020, Earth Estries has been observed employing an arsenal of backdoors and hacking tools.
It also shares tactical overlaps with another nation-state group, Famous Sparrow, which was first exposed by ESET in 2021 as exploiting ProxyLogon flaws in Microsoft Exchange Server to penetrate hospitality, government, engineering, and legal sectors.
The adversary uses techniques such as PowerShell downgrade attacks and novel DLL side-loading combinations to evade detection.
According to the report, Earth Estries relies heavily on DLLs and DLL side-loading to load the various tools within its arsenal, the researchers said.
They also use techniques like PowerShell downgrades and new DLL side-loading combinations to evade detection.