Report by Cybersecurity Firm Attributes Recent Attack to Chinese Group

A report by Trend Micro released on April 2nd outlined a cyberespionage attack that the researchers attributed to Earth Freybug, a subgroup of APT41. APT41 is also known as Axiom, Brass Typhoon (formerly Barium), Bronze Atlas, HOODOO, Wicked Panda, and Winnti.

Earth Freybug has reportedly been active as a threat actor since 2012 and focuses primarily on espionage and financial activities. Previous attacks attributed to the group targeted entities across various industries around the globe.

The threat actor uses “a diverse range of tools and techniques,” such as LOLBins and custom-developed malware, to conduct its cyberattacks. The company discovered new malware that Earth Freybug used during the attack and named it UNAPIMON.

The company also noted in its report that the cyberattack shares some “tactical overlaps with a cluster” that another company, Cybereason, disclosed as Operation CuckooBees.

The operation was a cyberespionage campaign aimed at infiltrating manufacturing and technology companies in East Asia, Western Europe, and North America in order to steal intellectual property.