Cyber Threat Actor: Earth Berberoka
| Actor Type | Location | Known Incidents |
Nation State
|
China
|
0 incidents |
|---|
Profile
Earth Berberoka, also known as Earth Emperror, is a threat actor linked to China according to publicly available reporting. The actor is described as a China‑linked group that has been observed conducting cyber operations against critical infrastructure and maritime targets. Attribution to a Chinese state nexus is implied by the article’s references to China‑linked activity and the Belt and Road Initiative context, though no explicit governmental affiliation is declared in the source material.
The actor’s typical targeting focuses on the power sector and maritime organizations, with reported impacts on hospitals, train services and stock market operations in India. The campaign’s objective is noted in the article as potentially relating to China’s strategic interests in India via the Belt and Road Initiative, indicating a goal of geopolitical influence rather than financial gain. Targeting appears concentrated in India, reflecting the regional focus of the described operations.
Noted tactics, techniques and procedures include the use of the ShadowPad malware family and the AXIOMATICASYMPTOTE toolset, which are associated with the RedEcho campaign. The actor’s tooling style overlaps with that of APT41/Barium, suggesting shared or similar capabilities. Initial access vectors are not detailed in the provided sources. A representative operation is the RedEcho campaign that targeted ten power sector organizations and two maritime entities, resulting in disruptions to essential services such as healthcare, rail transport and financial markets. This campaign is cited as a significant publicly reported operation illustrating the actor’s focus on critical infrastructure disruption.
