China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year
The Chinese advanced persistent threat actor tracked as Winnti targeted at least 13 organizations spanning the U.S., Taiwan, India, Vietnam, and China across four different campaigns in 2021.
APT41, also known as Barium, Bronze Atlas, Double Dragon, Wicked Panda, or Winnti, is a prolific Chinese cyber threat group known to carry out state-sponsored espionage activity in parallel with financially motivated operations since at least 2007.
The researchers described 2021 as an "Intense year for APT41." Attacks mounted by the adversary primarily leveraged SQL injections on targeted domains as the initial access vector to infiltrate victim networks, followed by delivery of a custom Cobalt Strike beacon onto the endpoints.
"APT41 members usually use phishing, exploit various vulnerabilities, and conduct watering hole or supply-chain attacks to initially compromise their victims," the researchers said.
The findings mark the continued abuse of the legitimate adversary simulation framework by different threat actors for post-intrusion malicious activities.
"In the past, the tool was appreciated by cybercriminal gangs targeting banks, while today it is popular among various threat actors regardless of their motivation, including infamous ransomware operators," Group-IB Threat Analyst, Nikita Rostovtsev, said.
News URL
https://thehackernews.com/2022/08/china-backed-apt41-hackers-targeted-13.html