Earth Longzhi

Description

A subgroup of APT 41.

(Trend Micro) In early 2022, we investigated an incident that compromised a company in Taiwan. The malware used in the incident was a simple but custom Cobalt Strike loader. After further investigation, however, we found incidents targeting multiple regions using a similar Cobalt Strike loader. While analyzing code similarities and tactics, techniques, and procedures (TTPs), we discovered that the actor behind this attack has been active since 2020. After clustering each intrusion, we concluded that the threat actor is a new subgroup of advanced persistent threat (APT) group APT41 that we call Earth Longzhi.

Names

Name	Name-Giver
Earth Longzhi	Trend Micro

Country

China

Motivation

Information theft and espionage

First Seen

2020

Observed Sectors

Observed Countries

Tools

Operations

2023-04: Attack on Security Titans: Earth Longzhi Returns With New Tricks https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html

Information

https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html

Other Information

Uuid

4362a46c-19a1-444e-9755-a46be517f039

Last Card Change

2023-10-12

Threat Intelligence Garden

Explorer

Earth Longzhi

Earth Longzhi

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks