APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques
Security News, August 2022

Group-IB has released new research on the state-sponsored hacker group APT41.
Group-IB Threat Intelligence analysts identified four APT41 malware campaigns carried out in 2021 that were geographically spread across the United States, Taiwan, India, Vietnam, and China.
According to Group-IB, there were 13 confirmed victims of APT41 in 2021, but the actual number could be much higher.
Group-IB researchers note that the group typically dedicated certain servers exclusively to hosting the Cobalt Strike framework, while using others only for active scanning with Acunetix.
"Despite the servers being protected with the cloud service Cloudflare, which hides the real server addresses, the Group-IB Threat Intelligence system detected APT41 server backends, which helped monitor the group's malicious infrastructure and quickly block their servers," a Group-IB specialist said.
Research into the 2021 campaigns also allowed Group-IB Threat Intelligence analysts to bring all of the group's activity timestamps into a single consistent time zone, UTC+8.
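The time-zone finding above rests on a common threat-intelligence technique: attacker activity (C2 check-ins, build timestamps, scanner hits) tends to cluster in the operator's local working hours, so the UTC offset that packs the most events into a plausible workday is the likely operating zone. The script below is an added illustration of that technique, not Group-IB's tooling or data: the timestamps are constructed, and the 09:00 to 18:00 workday window is an assumption you would tune against your own telemetry.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample timestamps (UTC) for illustration only, not real APT41
# telemetry: twelve events between 01:00 and 10:00 UTC (09:00-18:00 at UTC+8)
# plus one late-night outlier.
SAMPLE_UTC = [
    "2021-03-01T01:05:00Z", "2021-03-01T01:40:00Z", "2021-03-01T02:30:00Z",
    "2021-03-02T03:15:00Z", "2021-03-02T04:00:00Z", "2021-03-02T05:45:00Z",
    "2021-03-03T06:20:00Z", "2021-03-03T07:10:00Z", "2021-03-03T08:05:00Z",
    "2021-03-04T08:50:00Z", "2021-03-04T09:30:00Z", "2021-03-04T09:55:00Z",
    "2021-03-05T14:00:00Z",  # outlier: 22:00 at UTC+8
]

# Assumed workday window in local time (inclusive start, exclusive end).
WORKDAY_START = 9
WORKDAY_END = 18


def parse_utc(stamp: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def workday_score(events, offset_hours: int) -> int:
    """Count events that fall inside local working hours at the given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    return sum(1 for e in events if WORKDAY_START <= e.astimezone(tz).hour < WORKDAY_END)


def infer_offsets(events, candidates=range(-12, 15)):
    """Return (best_offsets, scores): every offset that maximises the workday
    score (a list, because sparse data can tie) plus the full score table so
    an analyst can see how decisive the result is."""
    scores = {off: workday_score(events, off) for off in candidates}
    best = max(scores.values())
    return [off for off in candidates if scores[off] == best], scores


def local_hour_histogram(events, offset_hours: int) -> Counter:
    """Hour-of-day histogram in the candidate local zone: a tight 09:00-18:00
    block is what a genuine workday looks like, scattered hours are not."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(e.astimezone(tz).hour for e in events)


if __name__ == "__main__":
    events = [parse_utc(s) for s in SAMPLE_UTC]
    best, scores = infer_offsets(events)
    print("best-fitting UTC offset(s):", best, "score:", scores[best[0]])
    for hour, n in sorted(local_hour_histogram(events, best[0]).items()):
        print(f"{hour:02d}:00 local  {'#' * n}")
```

With the constructed sample, UTC+8 is the unique best fit (12 of 13 events in the window; +7 and +9 each score 10). On real data, treat ties and shallow margins as a reason to gather more events, and corroborate with weekday distribution, since a single offset shifts a workday without changing which days are worked.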