Chinese Antivirus Firm Was Part of APT41 'Supply Chain' Attack (Security News, September 2020)

One of the alleged hackers was first profiled by KrebsOnSecurity in 2012 as the owner of a Chinese antivirus firm.
Security firm FireEye described the group's hacking blitz as "One of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."
While the various charging documents released in this case do not mention it per se, it is clear that members of this group also favored another form of supply chain attack: hiding their malware inside commercial tools they created and advertised as legitimate security software and PC utilities.
One of the men indicted as part of APT41, now 35-year-old Tan DaiLin, was the subject of a 2012 KrebsOnSecurity story that sought to shed light on a Chinese antivirus product marketed as Anvisoft.
Security analysts and U.S. prosecutors say APT41 operated out of a Chinese enterprise called Chengdu 404 that purported to be a network technology company but which served as a legal front for the hacking group's illegal activities, and that Chengdu 404 used its global network of compromised systems as a kind of dragnet for information that might be useful to the Chinese Communist Party.
News URL
https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/
Related news
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
- Ripple NPM supply chain attack hunts for private keys
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool
- Magento supply chain attack compromises hundreds of e-stores
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- Supply chain attack hits npm package with 45,000 weekly downloads
- Chinese hackers behind attacks targeting SAP NetWeaver servers
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
- RVTools hit in supply chain attack to deliver Bumblebee malware