  • Chinese cybercriminals Earth Longzhi use new method to deactivate security systems on target computers

    Taiwan, Thailand and the Philippines have already been targeted; recovered samples suggest Vietnam and Indonesia may be next.

    Cybersecurity researchers at Trend Micro have discovered a new malware campaign by the Earth Longzhi attack group that targets organizations in Taiwan, Thailand, the Philippines and Fiji.

    The campaign abuses a legitimate Windows Defender executable to load a malicious DLL, and uses a bring-your-own-vulnerable-driver (BYOVD) attack to disable the security products installed on the target computer.

    The researchers also found that Earth Longzhi uses a new way to shut down security products, a method that Trend Micro has dubbed "Stack Rumbling." It is a denial-of-service technique that abuses Image File Execution Options (IFEO) registry settings in Windows so that the targeted security process can no longer run.

    During the operation, the attackers also installed drivers as kernel-level services through Microsoft Remote Procedure Call (RPC) rather than the usual Windows service APIs.
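    The two tamper paths described above (IFEO settings turned against security products, and kernel drivers registered as services outside the usual API path) leave host-level traces a responder can check. The script below is an added example, not code from the Trend Micro report or from this article. It lists IFEO subkeys that either carry a Debugger value or are named after a security process (the process names are an assumption chosen for illustration; adjust them to your own AV/EDR), and it lists recent kernel-mode driver service installations from System event 7045, which is written for every new service regardless of whether it was created through the standard API or over RPC.

```powershell
# Added example (not from the Trend Micro report or the article).
# Run in an elevated PowerShell 5.1+ session.

$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Assumed list of security executables that should not normally appear under IFEO.
$watchedImages = @('MsMpEng.exe', 'MsSense.exe', 'SecurityHealthService.exe', 'NisSrv.exe')

function Get-SuspiciousIfeoEntries {
    param([string]$Root = $ifeoRoot, [string[]]$Watched = $watchedImages)

    $findings = @()
    foreach ($key in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        $image  = $key.PSChildName
        $values = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Drop the provider-added PS* properties so only real registry values remain.
        $names  = @($values.PSObject.Properties.Name | Where-Object { $_ -notmatch '^PS' })

        $isWatched   = $Watched -contains $image
        $hasDebugger = $names -contains 'Debugger'   # classic IFEO hijack / process blocking

        if ($isWatched -or $hasDebugger) {
            $reason = if ($hasDebugger) { 'Debugger value set' } else { 'IFEO key for a security process' }
            $findings += [pscustomobject]@{
                Image  = $image
                Values = ($names | ForEach-Object { "$_=$($values.$_)" }) -join '; '
                Reason = $reason
            }
        }
    }
    return $findings
}

function Get-RecentKernelDriverInstalls {
    param([int]$Days = 7)
    # Event 7045 ("A service was installed in the system") is logged by the
    # Service Control Manager for every new service, whichever path created it.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Id        = 7045
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        if ($e.Message -match 'Service Type:\s+kernel mode driver') {
            $name = if ($e.Message -match 'Service Name:\s+(.+)')      { $Matches[1].Trim() } else { '?' }
            $path = if ($e.Message -match 'Service File Name:\s+(.+)') { $Matches[1].Trim() } else { '?' }
            [pscustomobject]@{ Time = $e.TimeCreated; Service = $name; Path = $path }
        }
    }
}

Get-SuspiciousIfeoEntries      | Format-Table -AutoSize
Get-RecentKernelDriverInstalls | Format-Table -AutoSize
```

    Any IFEO subkey for a security process deserves a look even without a Debugger value, since the page describes the DoS as coming from IFEO parameters rather than a debugger redirect. Compare the driver paths from event 7045 against your allow-list of signed, expected drivers; an unfamiliar .sys in a user-writable directory is the BYOVD case to investigate.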

    “It's a pretty stealthy way to avoid API monitoring. During our research, we also found several interesting samples that contained information not only about the potential targets of Earth Longzhi, but also about the methods they could use in future campaigns,” the report says.

    During its investigation, Trend Micro analyzed two separate Earth Longzhi campaigns that ran between 2020 and 2022. The gang is reportedly a subgroup of China's APT41, also known as Barium, Bronze Atlas, Double Dragon, and Wicked Panda.

    “This report is a continuation of our previous report and aims to inform readers that Earth Longzhi continues its operations and, as expected, is constantly improving its TTPs,” Trend Micro said.

    “Although the malware samples we have collected resemble test files, they can still be useful because they contain information about potential targets of Earth Longzhi and new methods that the group may use in the future,” the experts added. Based on the recovered files, the team concluded that Earth Longzhi could target Vietnam and Indonesia in future campaigns.

    “Another noteworthy finding is that attackers have shown a propensity to use open source projects to implement their own tools,” the company said.

    The Trend Micro team also added that there is clear evidence that the group improves its toolbox during periods of inactivity. “With this in mind, organizations should remain vigilant about the constant development of new schemes by cybercriminals,” the experts concluded.

    Author DeepWeb