China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC

A China-linked hacking group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and Vietnamese energy companies. The hackers used spear-phishing techniques to compromise victims and also exploited a vulnerability in open-source GeoServer software. Infected machines were installed with the Cobalt Strike client or a custom backdoor named EagleDoor. The group uses public cloud services for hosting malicious files and is not apparently connected to other known advanced persistent threat (APT) groups.