A new cyber espionage campaign, #RevivalStone, attributed to the #Chinese #WinntiGroup, is targeting #Japanese manufacturing, materials & energy sector companies by leveraging sophisticated tools like #DEATHLOTUS & #UNAPIMON to infiltrate & control enterprise systems.

🔗 https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

Winnti’s RevivalStone campaign exploited an ERP SQL flaw to deploy upgraded malware, breaching an MSP and infecting multiple firms.

The Hacker News

Trend Micro reported on the attack chain of the cyberespionage group Earth Freybug, which they claim is a subset of the Chinese state-sponsored APT41 (Winnti Group). No information is given about the targets or timeline, but they describe a new malware, UNAPIMON, used for defense evasion (it prevents child processes from being monitored). One SHA256 is provided, which isn't recognized in VirusTotal. 🔗 https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html

#China #cyberespionage #EarthFreybug #APT41 #Winnti #UNAPIMON #threatintel #IOC

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Trend Micro
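As an added example (not code from the original posts, and not Trend Micro's or LAC's analysis code), here is a portable C model of the API-unhooking check the Trend Micro blurb refers to: a detector that compares a function's in-memory prologue against a clean copy and, when it finds the inline JMP that user-mode monitors typically write at a function entry, restores the original bytes. The stub bytes, the syscall number 0x55, the address 0x10000 and the jump displacement are all constructed for illustration. Real unhooking on Windows reads the clean bytes from the on-disk DLL and must make the code page writable first (VirtualProtect); this buffer-only model leaves those steps out so it runs anywhere.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bytes compared at the function entry. 8 bytes covers the canonical x64
 * NT syscall stub prefix: mov r10, rcx ; mov eax, imm32 (4C 8B D1 B8 nn nn nn nn). */
#define PROLOGUE_LEN 8

enum hook_kind { HOOK_NONE = 0, HOOK_JMP_REL32, HOOK_MODIFIED };

/* Constructed sample: a clean stub as it would appear in the on-disk image
 * (syscall number 0x55 is an assumed value, not taken from any real ntdll). */
const uint8_t clean_stub[PROLOGUE_LEN] = { 0x4C, 0x8B, 0xD1, 0xB8, 0x55, 0x00, 0x00, 0x00 };

/* Constructed sample: the same stub after a monitor patched a 5-byte
 * JMP rel32 (E9 + displacement 0x1000) over its first instructions. */
uint8_t live_stub[PROLOGUE_LEN] = { 0xE9, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00 };

/* Classify the function entry: unchanged, patched with a JMP rel32
 * (the most common inline hook), or modified in some other way. */
enum hook_kind detect_hook(const uint8_t *in_memory, const uint8_t *clean)
{
    if (memcmp(in_memory, clean, PROLOGUE_LEN) == 0)
        return HOOK_NONE;
    if (in_memory[0] == 0xE9)
        return HOOK_JMP_REL32;
    return HOOK_MODIFIED;
}

/* Decode where an E9 JMP rel32 located at `addr` lands:
 * target = address of the next instruction (addr + 5) + signed rel32. */
uintptr_t jmp_target(uintptr_t addr, const uint8_t *bytes)
{
    int32_t rel;
    memcpy(&rel, bytes + 1, sizeof rel);   /* little-endian rel32 follows the opcode */
    return addr + 5 + (uintptr_t)(intptr_t)rel;
}

/* Overwrite the hooked prologue with the clean copy, byte by byte.
 * Returns how many bytes were changed (0 means nothing was hooked). */
size_t restore_prologue(uint8_t *in_memory, const uint8_t *clean)
{
    size_t changed = 0;
    for (size_t i = 0; i < PROLOGUE_LEN; i++) {
        if (in_memory[i] != clean[i]) {
            in_memory[i] = clean[i];
            changed++;
        }
    }
    return changed;
}

int main(void)
{
    /* Assumed load address of the hooked stub, for displacement decoding only. */
    const uintptr_t stub_addr = 0x10000;

    enum hook_kind k = detect_hook(live_stub, clean_stub);
    if (k == HOOK_JMP_REL32)
        printf("inline JMP hook at %#lx -> %#lx\n",
               (unsigned long)stub_addr,
               (unsigned long)jmp_target(stub_addr, live_stub));
    else
        printf("hook kind: %d\n", (int)k);

    size_t n = restore_prologue(live_stub, clean_stub);
    printf("restored %zu byte(s); now %s\n", n,
           detect_hook(live_stub, clean_stub) == HOOK_NONE ? "clean" : "still modified");
    return 0;
}
```

The same comparison, run in the other direction by a defender (clean image bytes versus what a process has in memory), is how one spots that a process has unhooked itself: a monitor's patch that it knows it installed is no longer there.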