State-sponsored Chinese crims targeted India with tax and COVID phishing
2021-10-07 06:58

Blackberry's Research and Intelligence Team has uncovered three phishing schemes targeting Indian nationals, and says a Chinese state-sponsored malware gang is the culprit.

Blackberry identified the responsible party as APT41 - a prolific Chinese state-sponsored cyberthreat group that has carried out what FireEye called "Espionage activity in parallel with financially motivated operations" since at least 2012.

Through their investigation tactics, the Blackberry squad uncovered three phishing lures targeting Indian nationals, masquerading as government communications about taxes or COVID-19.

The phishing lures - a favourite APT41 tactic typically used in conjunction with information stealers, keyloggers and backdoors - loaded and executed Cobalt Strike Beacons on the target's network.

"We were able to uncover what we believe is additional APT41 infrastructure by taking these unique aspects and following the trail of digital breadcrumbs. Overlapping indicators of compromise linked the trail of our findings to those of two additional campaigns documented by Positive Technologies and Prevailion," wrote Blackberry in a blog post.

"These findings show that the APT41 group is still regularly conducting new campaigns, and that they will likely continue to do so in the future," Blackberry's researchers warned.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/07/apt_41_phishing_schemes_indian_nationals/