APT41: A Dual Espionage and Cyber Crime Operation (Aug 7, 2019)

FireEye researchers have identified a new Advanced Persistent Threat (APT) group, dubbed APT41. APT41 is believed to be based in China and conducts state-sponsored espionage activity in parallel with financially motivated operations. According to the researchers, the group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors. Its financially motivated activity has primarily targeted the video game industry. APT41 leverages more than 46 different malware families and tools to accomplish its missions, including publicly available utilities, malware shared with other Chinese espionage operations, and tools unique to the group.

Recommendation: Defense in depth (layering of security mechanisms, redundancy, and fail-safe defense processes) is the best way to ensure safety from APTs, with a focus on both network- and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of phishing and how to identify such attempts.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.