Chinese state-backed threat group Earth Longzhi has leveraged new advanced malware techniques in an attack campaign aimed at numerous entities in Taiwan, Fiji, Thailand, and the Philippines; it is the group's first campaign after more than half a year of inactivity, according to The Hacker News.
Earth Longzhi targeted vulnerable public-facing applications to deliver the BEHINDER web shell, which in turn enabled the deployment of the new CroxLoader Cobalt Strike loader and the SPHijacker malware used to disable security software, a report from Trend Micro revealed.
Earth Longzhi also used the DLL-based Roxwrapper dropper to deploy BigpipeLoader together with a privilege escalation tool that enables execution of the dllhost.exe payload, which is tasked with retrieving the next-stage malware.
"Earth Longzhi remains active and continues to improve its tactics, techniques, and procedures (TTPs)... Organizations should stay vigilant against the continuous development of new stealthy schemes by cybercriminals," said Trend Micro researchers.