Skip to content
Sign In Subscribe
Cybersecurity | english only |NewsEnglishCybersecurity

At least 80 organizations targeted by the China-backed APT41 worldwide last year

 and  Katalin Béres
1 min read

Table of Contents

4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections
The state-sponsored hacker group APT41 (aka ARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly, Winnti Umbrella, Double Dragon), whose goals are cyber espionage and financial gain, has been active since at least 2007. Group-IB Threat Intelligence analysts identified four APT41 malware campaigns carried out in 2021 that were geographically spread across the United States, Taiwan, India, Vietnam, and China. The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation.
Group-IB analysis shows that 2021 was an intense year for APT41. Research into the discovered tools and indicators of compromise revealed malicious activity and made it possible to notify businesses and government organizations about emerging or committed APT41 attacks. As a result, they could take the necessary steps to protect themselves or hunt for traces of compromise across their networks. In 2021, Group-IB sent over 80 early warnings related to APT41 in total.
APT41 World Tour 2021 on a tight schedule
4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections
Group-IB

#Analysis #CTI #IoCs #TTPs #APT

Related

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28
Cybersecurity | english only |

Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 28

Ukrainian hacktivist team Cyber Resistance hacked the email of Lieutenant Colonel Sergey Alexandrovich Morgachev, an officer of the Russian Main Intelligence Directorate of the General Staff of the Russian Army (GRU), leader of the Russian hacker group APT 28, consisting of officers of the 85th Main Special Service Center of

 and  Katalin Béres
Members Public
Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App
Cybersecurity | english only |

Supply Chain Attack Against Customers Of Business Phone Provider 3CX Using Trojanized 3CX Desktop App

Hackers may have compromised the networks of thousands of businesses due to a supply-chain attack on the enterprise phone company 3CX, which confirmed on Thursday its desktop app had been bundled with malware. 3CX provides office phone systems to more than 12 million daily users at over 600,000 companies,

 and  Katalin Béres
Members Public
Analysis of the "#VulkanFiles" Leak
Cybersecurity | english only |

Analysis of the "#VulkanFiles" Leak

A whistleblower has provided several media organizations with access to leaked documents from a Russian IT firm named NTC Vulkan (Russian: НТЦ Вулкан) that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools. Journalists from Der Spiegel and Munich-based investigative group Paper

 and  Katalin Béres
Members Public

Latest