At least 80 organizations targeted by the China-backed APT41 worldwide last year

4 malicious campaigns, 13 confirmed victims, and a new wave of Cobalt Strike infections
The state-sponsored hacker group APT41 (aka BARIUM, Winnti, LEAD, WICKED SPIDER, WICKED PANDA, Blackfly, Suckfly, Winnti Umbrella, Double Dragon), which pursues both cyber espionage and financial gain, has been active since at least 2007. Group-IB Threat Intelligence analysts identified four APT41 malware campaigns carried out in 2021, with victims spread across the United States, Taiwan, India, Vietnam, and China. The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, media, and aviation.
Group-IB analysis shows that 2021 was an intense year for APT41. Research into the discovered tools and indicators of compromise revealed malicious activity and made it possible to notify businesses and government organizations about emerging or already committed APT41 attacks, so that they could take the necessary steps to protect themselves or hunt for traces of compromise across their networks. In 2021, Group-IB sent over 80 such early warnings related to APT41 in total.
APT41 World Tour 2021 on a tight schedule

#Analysis #CTI #IoCs #TTPs #APT

Latest

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges. It recommended applying the updates and

Modern ransomware


The Hungarian Defence Procurement Agency (Magyar Védelmi Beszerzési Ügynökség) was attacked and extorted by the INC Ransom group in October 2024. In recent months, ransomware attacks in Hungary have multiplied in which the attackers used the INC ransomware and the Lynx ransomware, which is almost 71% identical to it.
