Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
May 14, 2025
Cyber Espionage / Malware
A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while the second wave, referred to as TIDRONE, singled out the military industry. Earth Ammit is assessed to be connected to Chinese-speaking nation-state groups. "In its VENOM campaign, Earth Ammit's approach involved penetrating the upstream segment of the drone supply chain," security researchers Pierre Lee, Vickie Su, and Philip Chen said . "Earth Ammit's long-term goal is to compromise trusted networks via supply chain attacks, allowing them to target high-value entities downstream and amplify their reach." The TIDRONE campaign was first exposed by Trend Micro la...