{"id":42499,"date":"2021-08-24T00:00:00","date_gmt":"2021-08-24T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign.html"},"modified":"2021-08-24T00:00:00","modified_gmt":"2021-08-24T00:00:00","slug":"apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/","title":{"rendered":"APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign Customer Technology Specialist Threat Researcher"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign\/earthbaku-header.jpg\"><\/p>\n<p>We have uncovered a cyberespionage campaign being perpetrated by Earth Baku, an advanced persistent threat (APT) group with a known history of carrying out cyberattacks under the alias APT41. 
This is not the group\u2019s first foray into cyberespionage, and its long list of <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/i\/u-s--justice-department-charges-apt41-hackers-over-global-cyberattacks.html\" target=\"_blank\" rel=\"noopener\">past cybercrimes also includes ransomware and cryptocurrency mining attacks<\/a>.<\/p>\n<p>Earth Baku deploys its ongoing campaign, which can be traced as far back as July 2020, through multiple attack vectors that are designed based on different exploits or the infrastructure of its targeted victim&#8217;s environment:<\/p>\n<ul>\n<li>SQL injection to upload a malicious file<\/li>\n<li>Installation through <i>InstallUtil.exe<\/i> in a scheduled task<\/li>\n<li>Possibly a malicious link (LNK) file sent as an email attachment<\/li>\n<li>Exploitation of the ProxyLogon vulnerability CVE-2021-26855 to upload a China Chopper web shell<\/li>\n<\/ul>\n<p>This campaign uses previously unidentified shellcode loaders, which we have named StealthVector and StealthMutant, and a backdoor, which we have dubbed ScrambleCross. Earth Baku has developed these new malware tools to facilitate targeted attacks on public and private entities alike in specific industries that are located in the Indo-Pacific region. Thus far, the affected countries include India, Indonesia, Malaysia, the Philippines, Taiwan, and Vietnam.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign\/earthbaku-figure-2-01.jpg\"><\/p>\n<p><i>Figure 1. Countries affected by Earth Baku\u2019s new campaign<\/i><\/p>\n<p><i><u>Source: Trend Micro\u2122 Smart Protection Network\u2122 infrastructure<\/u><\/i><\/p>\n<p><span class=\"body-subhead-title\">StealthVector<\/span><\/p>\n<p>We initially observed StealthVector, a shellcode loader written in C\/C++, in October 2020. 
StealthVector is designed with various configurable features that make it easy for malicious actors to modify and tailor it to their needs, including a feature that disables Event Tracing for Windows (ETW), allowing the malware to run in stealth mode. This loader can stealthily run its payload in various ways, such as using the&nbsp;<i>CreateThread<\/i>&nbsp;function, bypassing Microsoft\u2019s Control Flow Guard (CFG), module stomping, and phantom dynamic link library (DLL) hollowing.<\/p>\n<p><span class=\"body-subhead-title\">StealthMutant<\/span><\/p>\n<p>Like StealthVector, StealthMutant, which supports both 32-bit and 64-bit operating systems, can disable ETW. This loader, written in C#, has been&nbsp;used by malicious actors&nbsp;since July 2020. Many of the StealthMutant samples we have analyzed use AES-256-ECB for decryption; alternatively, an earlier variant of the loader uses XOR. After its payload is decrypted, StealthMutant performs process&nbsp;hollowing to execute its payload in a remote process.<\/p>\n<p><span class=\"body-subhead-title\">ScrambleCross<\/span><\/p>\n<p>Both StealthMutant and StealthVector contain a payload of either the Cobalt Strike beacon or ScrambleCross, a newly discovered backdoor. ScrambleCross receives instructions from its command-and-control (C&amp;C) server that allow it to receive and manipulate plug-ins. However, we have yet to retrieve and study one of these plug-ins. ScrambleCross has many of the same capabilities as another backdoor, Crosswalk, which has also been used by Earth Baku. 
For example, both calculate the hash of the code section as an anti-debugging technique, both are designed as fully position-independent code, and both support various kinds of network communication protocols.<\/p>\n<p><span class=\"body-subhead-title\">Connections to other campaigns<\/span><\/p>\n<p>Earth Baku\u2019s recent activities are related to another campaign that has been active since at least November 2018, <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/03\/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html\" target=\"_blank\" rel=\"noopener\">as reported by FireEye<\/a> and <a href=\"https:\/\/www.ptsecurity.com\/ww-en\/analytics\/pt-esc-threat-intelligence\/higaisa-or-winnti-apt-41-backdoors-old-and-new\" target=\"_blank\" rel=\"noopener\">Positive Technologies<\/a>. While the older campaign uses a different shellcode loader, which we have named LavagokLdr, we have observed similar code and procedures between LavagokLdr and StealthVector. In the same vein, we have observed that LavagokLdr\u2019s payload, Crosswalk, and one of StealthVector\u2019s payloads, ScrambleCross, perform similar techniques for decryption and signature checking. But because Earth Baku has updated its toolset with StealthVector, StealthMutant, and ScrambleCross for this new campaign, we have identified it as its own separate operation.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/h\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign\/earthbaku-figure-1-01.jpg\"><\/p>\n<p><i>Figure 2. 
A timeline of Earth Baku\u2019s previous campaign as APT41 and its new campaign<\/i><\/p>\n<p><span class=\"body-subhead-title\">How Earth Baku creates its malware tools<\/span><\/p>\n<p>Earth Baku is known for its <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/17\/d\/pigs-malware-examining-possible-member-winnti-group.html\" target=\"_blank\" rel=\"noopener\">use of self-developed tools<\/a>. To continue doing so, it appears to be filling its ranks with malicious actors who are pooling their diverse skills. Interestingly, the new malware tools involved in Earth Baku\u2019s new campaign indicate that the APT group has likely recruited members who specialize in low-level programming, software development, and red-team techniques.<\/p>\n<p>For more details about Earth Baku\u2019s new campaign, read our research paper&nbsp;<a href=\"https:\/\/research.trendmicro.com\/earthbaku\" target=\"_blank\" rel=\"noopener\">&#8220;Earth Baku: An APT Group Targeting Indo-Pacific Countries With New Stealth Loaders and Backdoor.&#8221;<\/a><\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/h\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our research paper provides an in-depth analysis of Earth Baku&#8217;s new cyberespionage campaign, particularly the group&#8217;s use of advanced malware tools and multiple attack vectors. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42500,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9509],"class_list":["post-42499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-research"],"yoast_head_json":{"title":"APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign Customer Technology Specialist Threat Researcher 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/","og_locale":"en_US","og_type":"article","og_title":"APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign Customer Technology Specialist Threat Researcher 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-08-24T00:00:00+00:00","og_image":[{"width":1667,"height":1212,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign Customer Technology Specialist Threat 
Researcher","datePublished":"2021-08-24T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/"},"wordCount":703,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher.jpg","keywords":["Trend Micro Research : APT&amp;Targeted Attacks","Trend Micro Research : Articles, News, Reports","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/","url":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/","name":"APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign Customer Technology Specialist Threat Researcher 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher.jpg","datePublished":"2021-08-24T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher.jpg","width":1667,"height":1212},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/apt41-resurfaces-as-earth
-baku-with-new-cyberespionage-campaign-customer-technology-specialist-threat-researcher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : APT&amp;Targeted Attacks","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-apttargeted-attacks\/"},{"@type":"ListItem","position":3,"name":"APT41 Resurfaces as Earth Baku With New Cyberespionage Campaign Customer Technology Specialist Threat Researcher"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42499"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42499\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/42500"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}