HOMETHREATSEarth Yako
APT / THREAT GROUP🕵️ ESPIONAGEADVANCED

Earth Yako

3
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Earth Yako is a threat actor that has been actively targeting researchers in academic organizations and think tanks in Japan. They use spearphishing emails with malicious attachments to gain initial access to their targets' systems. Earth Yako's objectives and patterns suggest a possible connection to a Chinese APT group, but conclusive proof of their nationality is lacking. They have been observed using various malware delivery methods and techniques, such as the use of Winword.exe for DLL Hijacking.

Threat Analysis

Earth Yako is a advanced-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of espionage.

The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.

Classified as an advanced threat actor, Earth Yako likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.

External References

Quick Facts

TypeAPT / Threat Group
Motivation🕵️ espionage
Sophisticationadvanced
Aliases3
SourceMalpedia

Also Known As

Earth YakoEnelinkOperation RestyLink

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Earth Yako — APT / Threat Group | Threat Intelligence | CTIWATCH.COM