Security News > 2020 > September > Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack
One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.
Security firm FireEye dubbed that hacking blitz "One of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years."
While the various charging documents released in this case do not mention it per se, it is clear that members of this group also favored another form of supply chain attacks - hiding their malware inside commercial tools they created and advertised as legitimate security software and PC utilities.
One of the men indicted as part of APT41 - now 35-year-old Tan DaiLin - was the subject of a 2012 KrebsOnSecurity story that sought to shed light on a Chinese antivirus product marketed as Anvisoft.
Security analysts and U.S. prosecutors say APT41 operated out of a Chinese enterprise called Chengdu 404 that purported to be a network technology company but which served a legal front for the hacking group's illegal activities, and that Chengdu 404 used its global network of compromised systems as a kind of dragnet for information that might be useful to the Chinese Communist Party.
News URL
https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/
Related news
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)