Table of Contents
4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections
The state-sponsored hacker group APT41 (aka ARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly, Winnti Umbrella, Double Dragon), whose goals are cyber espionage and financial gain, has been active since at least 2007. Group-IB Threat Intelligence analysts identified four APT41 malware campaigns carried out in 2021 that were geographically spread across the United States, Taiwan, India, Vietnam, and China. The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation.
Group-IB analysis shows that 2021 was an intense year for APT41. Research into the discovered tools and indicators of compromise revealed malicious activity and made it possible to notify businesses and government organizations about emerging or committed APT41 attacks. As a result, they could take the necessary steps to protect themselves or hunt for traces of compromise across their networks. In 2021, Group-IB sent over 80 early warnings related to APT41 in total.
#Analysis #CTI #IoCs #TTPs #APT