New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers (Security News, October 2021)
Chinese cyber espionage group APT41 has been linked to seemingly disparate malware campaigns, according to fresh research that has mapped together additional parts of the group's network infrastructure to hit upon a state-sponsored campaign that takes advantage of COVID-themed phishing lures to target victims in India.
APT41 is a moniker assigned to a prolific Chinese cyber threat group that has carried out state-sponsored espionage activity alongside financially motivated operations for personal gain since at least 2012.
The group is known for staging cybercrime intrusions aimed at stealing source code and digital certificates, manipulating virtual currency, and deploying ransomware, as well as for executing software supply chain compromises by injecting malicious code into legitimate files before software updates are distributed.
BlackBerry, which found a similar C2 profile uploaded to GitHub on March 29 by a Chinese security researcher using the pseudonym "1135," used the profile's configuration metadata to identify a fresh cluster of APT41-related domains that attempt to make Beacon traffic look like legitimate traffic to Microsoft sites, with IP address and domain name overlaps found in campaigns linked to the Higaisa APT group and to Winnti activity disclosed over the past year.
Although a set of intrusions using similar phishing lures and uncovered in September 2020 were pinned on the Evilnum group, BlackBerry said the compromise indicators point to an APT41-affiliated campaign.
"With the resources of a nation-state level threat group, it's possible to create a truly staggering level of diversity in their infrastructure," the researchers said, adding that by piecing together the threat actor's malicious activities through public sharing of information, it's possible to "uncover the tracks that the cybercriminals involved worked so hard to hide."