Earth Longzhi, a Chinese state-sponsored hacking group, has resurfaced after 6 months of inactivity with a new campaign targeting government, healthcare, technology, and manufacturing organizations in Taiwan, Thailand, the Philippines, and Fiji. The group exploits vulnerable public-facing applications and uses a new variant of the Cobalt Strike loader CroxLoader to deploy the BEHINDER web shell, along with two techniques, BYOVD (bring your own vulnerable driver) and "stack rumbling", to disable security products. It also uses a DLL-based dropper and a privilege escalation tool to launch a downloader with SYSTEM privileges. Decoy documents in Vietnamese and Indonesian have been identified, suggesting potential future targets in those countries.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.