APT / THREAT GROUP

Earth Baxia

🇨🇳 China-attributed
Campaigns: 1
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

Earth Baxia is a threat actor operating out of China that targets government organizations in Taiwan and potentially across the APAC region. It uses spear-phishing emails and exploits the GeoServer vulnerability CVE-2024-36401 for remote code execution. It deploys customized Cobalt Strike components with altered signatures, leverages GrimResource and AppDomainManager injection techniques to deliver additional payloads, and uses a new backdoor named EAGLEDOOR for multi-protocol communication and payload delivery.

Threat Analysis

Earth Baxia is a known-sophistication threat actor attributed to China and engaged in cyber operations; its primary motivation is listed as unknown.

Known Campaigns

Earth Baxia — Active Operations March 2026

Earth Baxia is an unknown-motivation threat actor attributed to China. Earth Baxia is a threat actor operating out of China, targeting government organizations in Taiwan and potentially across the APAC region, using spear-phishing emails and exploiting the GeoServer vulnerability CVE-2024-36401 for remote code execution, deploying customized Cobalt ...

ACTIVE · MEDIUM · 2026

Quick Facts

Type: APT / Threat Group
Origin: 🇨🇳 China
Aliases: 1
Source: Malpedia

Also Known As

Earth Baxia

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.