"Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics"

After more than six months of inactivity, the Chinese state-sponsored cyber group Earth Longzhi has re-emerged with a new campaign targeting government, healthcare, technology, and manufacturing entities in Taiwan, Thailand, the Philippines, and Fiji. Trend Micro linked the intrusion set to the cyber espionage group Earth Longzhi, a subgroup of APT41 (also known as HOODOO or Winnti) that overlaps with Earth Baku, SparklingGoblin, and GroupCC. The cybersecurity company first documented Earth Longzhi in November 2022, detailing its attacks against numerous organizations in East and Southeast Asia and Ukraine. The threat actor's attack chains use vulnerable public-facing applications as entry points to deploy the BEHINDER web shell, then leverage that access to drop additional payloads, including a new variant of a Cobalt Strike loader known as CroxLoader. This article continues to discuss the resurfacing of the Chinese state-sponsored hacking group Earth Longzhi.

THN reports "Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics"