Trend Micro revealed two campaigns by Earth Longzhi spanning 2020 to 2022 and described part of the group's arsenal used in them.
APT41, active since at least 2012 according to Mandiant, has never stopped evolving. The group has spawned a subgroup tracked as "Earth Longzhi", responsible for two major campaigns: the first running from 2020 into 2021 and the second from 2021 into 2022.
The first campaign (2020 to 2021) targeted the government, infrastructure and healthcare sectors in Taiwan, together with the banking sector in China.
The second campaign (2021 to 2022) went after high-profile victims in the defense, aviation, insurance and urban development industries across Taiwan, China, Thailand, Malaysia, Indonesia, Pakistan and Ukraine.
Both campaigns were still active when the report was written, so further activity from Earth Longzhi should be expected. Below are our expectations for where APT41 and its subgroup go next.
Threat groups never stop improving their toolsets. We expect APT41 to keep evolving and to expand the capabilities of its operations.
Disguising a malicious payload as a software update is one way the group can evade detection. This is combined with command-and-control servers kept out of sight, and with public paste services such as Ghostbin, which can host the next stage that a loader fetches, installs and executes on the compromised machine.
Beyond government organizations, the wider APT41 umbrella is also known for targeting universities and scientific research centers, sectors that attract espionage groups because of the research and intellectual property they hold. Earth Longzhi's documented campaigns, however, fall within the sectors and the 2020 to 2022 timeframe described above.
Source: Hack the Real Box: APT41's New Subgroup Earth Longzhi (Trend Micro), via AlienVault Open Threat Exchange