Investigating Common Patterns in Vietnam from the Perspective of Earth Zhulong

In 2020, a hacking group known as Earth Zhulong began targeting the telecom, technology, and media sectors in Vietnam. After a long-term investigation, we believe that this group is likely related to the Chinese-linked hacking group 1937CN, based on similar code in the custom shellcode loader and on victimology. We have identified three different variants of the shellcode loader, ShellFang, used from 2020 to 2022. The latest variant has adopted more obfuscation techniques, such as abusing exception mechanisms and Windows API hashing. Its code structure is dramatically different from that of the old variants, but we were able to identify the relationship between them. We have identified the embedded shellcode as Cobalt Strike shellcode, which is used to build a connection to a remote hacking machine.

We have also found that Earth Zhulong has been using group policy objects to install loaders and launch Cobalt Strike on its target hosts. We believe that this lure document is one of the approaches used by the threat actors to compromise their targets. We have also observed Earth Zhulong using DLL sideloading techniques to run its malware.

Additionally, the group has been using various hacking tools, such as tunneling and port-scanning tools, a Golang-based backdoor, and an information stealer, to harvest internal information. It has also been using the notorious network-penetration tool EarthWorm, and the Themida packer to obfuscate the signature used for detection. We have also found a Python-based information stealer used to collect internal information about victims.

We believe that Earth Zhulong is a big threat to cybersecurity in Southeast Asia and that Trend Micro Vision One can help prevent threats like this with multiple security layers across all platforms.

This Cyber News was published on www.trendmicro.com. Publication date: Wed, 08 Feb 2023 13:34:03 +0000


