APT10 LODEINFO NOOPDOOR Campaign
Campaign by the Earth Kasha APT10 subgroup targeting Japanese government, technology and defence organisations. The group switched initial access to exploitation of public-facing applications in April 2023. It deploys the custom backdoors LODEINFO and NOOPDOOR for long-term espionage and data exfiltration.
Start date
1 April 2023
End date
—
Techniques
24
Attributed actors
Techniques (24)
collection (2)
T1005 Data from Local System
T1560.001 Archive via Utility
command-and-control (4)
T1573.001 Symmetric Cryptography
T1090.001 Internal Proxy
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
defense-impairment (2)
T1574.002 DLL Side-Loading
T1070.001 Clear Windows Event Logs
discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (3)
T1059.003 Windows Command Shell
T1059.001 PowerShell
T1053.005 Scheduled Task
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (3)
T1078 Valid Accounts
T1566.001 Spearphishing Attachment
T1190 Exploit Public-Facing Application
lateral-movement (1)
T1021.001 Remote Desktop Protocol
persistence (5)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1574.002 DLL Side-Loading
T1543.003 Windows Service
T1053.005 Scheduled Task
privilege-escalation (6)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1574.002 DLL Side-Loading
T1055 Process Injection
T1543.003 Windows Service
T1053.005 Scheduled Task
stealth (5)
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information
T1070.004 File Deletion
T1055 Process Injection
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.