China-Backed Hacker Group “Earth Lamia” Targets Global Institutions with Sophisticated Exploits

A China-backed cyber-espionage group known as *Earth Lamia* is actively targeting critical infrastructure across several countries, including India, Brazil, Vietnam, the Philippines, and Thailand. The campaign involves a barrage of nine high-level exploits aimed at government agencies, IT firms, and top-tier universities.

Among the tools in their arsenal are well-known vulnerabilities in platforms like SAP NetWeaver and JetBrains TeamCity. Attack vectors include classic SQL injections, the deployment of custom malware strains, and a particularly curious use of ransomware—encrypting systems, then inexplicably deleting the ransomware payload itself.

This suggests motives beyond financial gain, possibly aligning with espionage or data exfiltration objectives rather than typical ransom demands. The removal of ransomware post-infection may be an effort to erase traces and confuse investigators.

With the sophistication and reach of Earth Lamia’s operations, experts are urging all affected sectors to review patch management, monitor for unusual system behavior, and harden their perimeter defenses immediately.

Cyberwarfare is escalating—and Earth Lamia is a name to watch.
