Earth Longzhi

Mitre

Alias

Earth Longzhi

Country

China

Sponsor

Nil

Motivation

Information Theft And Espionage

First Seen

2020

Description

A subgroup of APT 41.

(Trend Micro) In early 2022, we investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we discovered that the actor behind this attack has been active since 2020. After clustering each intrusion, we concluded that the threat actor is a new subgroup of advanced persistent threat (APT) group APT41 that we call Earth Longzhi.

Targeted Industries

Aviation, Defense, Education, Financial, Government, Healthcare

Targeted Countries

China, Indonesia, Malaysia, Pakistan, Taiwan, Thailand, Ukraine

Tools

Bigpipeloader
Cobalt Strike
Croxloader
Multipipeloader
Outloader
Symatic Loader

TTP

Nil

Operations Performed

Nil

Counter Operations

Nil

Information