"New 'Earth Longzhi' APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders"

APT41, a Chinese Advanced Persistent Threat (APT), has been targeting entities in East and Southeast Asia, as well as Ukraine, since at least 2020. Trend Micro, which named the espionage team Earth Longzhi, said the actor's long-running campaign can be divided into two parts based on the toolset used to attack its targets. The first wave, from May 2020 to February 2021, is said to have targeted Taiwan's government, infrastructure, and healthcare industries, as well as the Chinese banking sector, whereas the second wave, from August 2021 to June 2022, is said to have infiltrated high-profile victims in Ukraine and several Asian countries. According to the cybersecurity firm, the victimology patterns and targeted sectors overlap with attacks carried out by Earth Baku, a distinct sister group of APT41, also known as Winnti. Other cybersecurity firms have linked some of Earth Baku's malicious cyber activities to groups known as SparklingGoblin and Grayfly. This article continues to discuss researchers' findings regarding the Earth Longzhi APT.

THN reports "New 'Earth Longzhi' APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders"

Submitted by Anonymous on