SparklingGoblin

Affiliated Intrusion Sets: Winnti, FamousSparrow

SparklingGoblin is an Advanced Persistent Threat (APT) group tracked by ESET; Trend Micro tracks it as Earth Baku. SparklingGoblin shows overlaps with the Winnti Group but exhibits distinct operational tactics.

The group uses modular backdoors, specifically "SideWalk" and "CROSSWALK", which are capable of dynamic module loading, proxy handling, and encrypted communication with command-and-control (C2) servers.

SparklingGoblin has targeted a wide range of organizations globally, with a focus on the academic sector and East and Southeast Asia.
