
China-backed APT41 Hackers Targeted 13 Organizations Worldwide Last Year

by crpt os


The Chinese advanced persistent threat (APT) actor tracked as Winnti targeted at least 13 organizations spanning the U.S., Taiwan, India, Vietnam, and China across four different campaigns in 2021.

“The targeted industries included the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media and aviation,” cybersecurity firm Group-IB said in a report shared with The Hacker News.


This also included the attack on Air India that came to light in June 2021 as part of a campaign codenamed ColunmTK. The other three campaigns have been assigned the monikers DelayLinkTK, Mute-Pond, and Gentle-Voice based on the domain names used in the attacks.

APT41, also known as Barium, Bronze Atlas, Double Dragon, Wicked Panda, or Winnti, is a prolific Chinese cyber threat group that’s known to carry out state-sponsored espionage activity in parallel with financially motivated operations at least since 2007.


In what the report describes as an “intense year for APT41,” the adversary's attacks primarily leveraged SQL injections on targeted domains as the initial access vector to infiltrate victim networks, followed by delivering a custom Cobalt Strike beacon onto the endpoints.

But in a somewhat unusual approach, the Cobalt Strike Beacon was uploaded in smaller chunks of Base64-encoded strings as an obfuscation tactic to fly under the radar, before the entire payload was written out to a file on the infected host.
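As an added defender-side example (not code from the Group-IB report or this article), the following Python scans constructed web-server access-log lines for a client that sends a Base64 payload in fragments across several requests, joins and decodes the fragments, and flags the result if it carries a PE “MZ” header; the log format, the `d` parameter name and the sample payload are all assumptions made for the demo.

```python
import base64
import binascii
import re
from collections import defaultdict
from urllib.parse import unquote
# Constructed sample (not from the report): a fake PE-like payload whose Base64
# encoding one client sends in five consecutive requests, plus one benign request.
PAYLOAD = b"MZ\x90\x00" + b"This program cannot be run in DOS mode." + bytes(range(32))
_B64 = base64.b64encode(PAYLOAD).decode()
_STEP = (len(_B64) + 4) // 5  # ceil(len / 5): five roughly equal fragments
_CHUNKS = [_B64[i:i + _STEP] for i in range(0, len(_B64), _STEP)]
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Aug/2022:10:01:{i:02d} +0000] "GET /item.php?id=1&d={c} HTTP/1.1" 200 512'
    for i, c in enumerate(_CHUNKS)
] + ['198.51.100.9 - - [10/Aug/2022:10:02:00 +0000] "GET /item.php?id=42&page=home HTTP/1.1" 200 512']

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<path>\S+)')
B64_RE = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")  # a Base64-looking parameter value

def extract_fragments(lines):
    """Map each client IP to the Base64-looking query values it sent, in request order."""
    frags = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = m.group("path").partition("?")[2]
        for param in query.split("&"):
            value = unquote(param.partition("=")[2])  # undo %2B / %2F escaping
            if B64_RE.fullmatch(value):
                frags[m.group("ip")].append(value)
    return frags

def reassemble(fragments):
    """Join the fragments back into one Base64 string and decode it; None if invalid."""
    joined = "".join(fragments)
    joined += "=" * (-len(joined) % 4)  # restore padding a splitter may have dropped
    try:
        return base64.b64decode(joined, validate=True)
    except binascii.Error:
        return None

def find_chunked_binaries(lines):
    """Return {ip: decoded_size} for clients whose joined fragments start with an MZ header."""
    hits = {}
    for ip, frags in extract_fragments(lines).items():
        blob = reassemble(frags)
        if blob is not None and blob.startswith(b"MZ"):  # PE image; beacons are often EXE/DLL
            hits[ip] = len(blob)
    return hits
```

The MZ check only catches PE images; a production version would also score high-entropy or shellcode-sized blobs and correlate the fragment requests with the SQL-injection attempts that precede them.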

“APT41 members usually use phishing, exploit various vulnerabilities (including Proxylogon), and conduct watering hole or supply-chain attacks to initially compromise their victims,” the researchers said.


Other actions carried out post-exploitation ranged from establishing persistence to credential theft and conducting reconnaissance through living-off-the-land (LotL) techniques to gather information about the compromised environment and laterally move across the network.

The Singapore-headquartered company said it identified 106 unique Cobalt Strike servers that were exclusively used by APT41 between early 2020 and late 2021 for command-and-control. Most of the servers are no longer active.

The findings mark the continued abuse of the legitimate adversary simulation framework by different threat actors for post-intrusion malicious activities.

“In the past, the tool was appreciated by cybercriminal gangs targeting banks, while today it is popular among various threat actors regardless of their motivation, including infamous ransomware operators,” Group-IB threat analyst Nikita Rostovtsev said.
