Hoodoo

Threat Actor Profile Updated 2 months ago
Hoodoo, also known as APT41, Winnti, Bronze Atlas, and several other aliases, is a threat actor believed to be backed by the Chinese government. The group is known for complex campaigns against a variety of sectors, with motivations ranging from exfiltration of sensitive data to financial gain. Hoodoo has shown a pattern of using publicly available tooling such as Cobalt Strike and other penetration-testing software hosted on platforms like GitHub, rather than building its own unique tools. One such instance was in July 2022, when Hoodoo used GC2 to target an Italian job search website. In October 2022, Google's Threat Analysis Group (TAG) disrupted a campaign run by Hoodoo. More recently, the group targeted a Taiwanese media organization with phishing emails containing links to a password-protected file hosted on Drive. These actions indicate Hoodoo's continued aggressive activity and the broad scope of its targets, which range from job search websites to media organizations. Notably, Trend Micro has attributed the intrusion set to a cyber espionage group it tracks as Earth Longzhi, which it identifies as a subgroup within Hoodoo. The identification of subgroups within larger threat actors like Hoodoo hints at the complexity and scale of these groups. The cybersecurity community continues to monitor and counter Hoodoo's activities, underlining the ongoing nature of this threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

ID | Votes | Profile Description
APT41 | 3 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4
Longzhi | 1 | Earth Longzhi, a subgroup within the notorious APT41 cyber espionage group, has re-emerged after months of dormancy, according to cybersecurity researchers at Trend Micro. The threat actor has been known for its malicious activities since 2020 and has recently targeted organizations in Taiwan, Thail
Earth Longzhi | 1 | Earth Longzhi, a suspected subgroup of the notorious APT41, has reemerged after months of inactivity and is now attacking organizations across various industries in Southeast Asia. This group had been on hiatus since its last campaign which ran from August 2021 to June 2022. Trend Micro's investigat
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Google
Apt
Github
Gc2
Cobalt Strike
Espionage
India
Phishing
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Hoodoo Threat Actor was read from the document corpus below.
Source | Created | Title
Securityaffairs | 2 months ago | APT41: The threat of KeyPlug against Italian industries
CERT-EU | 7 months ago | The Hindu Morning Digest: January 5, 2024
CERT-EU | a year ago | Google sheets & drive traffic along with this process in your network, means your are hacked
CERT-EU | a year ago | If you see spreadsheet and Google Drive traffic together with this process on your network, it means you have been hacked
DARKReading | a year ago | APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks
CERT-EU | a year ago | Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics - GIXtools