Intel Name: Earth ammit disrupts drone supply chains through coordinated multi-wave attacks in taiwan
Date of Scan: May 14, 2025
Impact: High
Summary: Earth Ammit, a threat actor linked to Chinese-speaking APT groups, conducted two coordinated cyberespionage campaigns—VENOM and TIDRONE—between 2023 and 2024, targeting organizations in Taiwan and South Korea. The VENOM campaign focused on infiltrating the upstream drone supply chain using open-source tools, while the later TIDRONE campaign shifted to custom-built malware like CXCLNT and CLNTEND to target military sectors. Affected industries include military, satellite, software, media, and healthcare. The group’s strategic goal is to compromise trusted networks through supply chain attacks, enabling deeper access to high-value targets. Recommended defenses include third-party risk management, Zero Trust Architecture, patching, and advanced behavioral monitoring.
