
APT 41 Threat Intelligence Report and Malware Analysis

Overview

APT41 is a sophisticated Chinese state-sponsored threat actor that conducts both espionage and financially motivated intrusions. It targets a wide range of sectors worldwide, including healthcare, telecommunications, software, and government. Unlike most state-backed groups, APT41 blends traditional cyber espionage with cybercrime tradecraft, deploying custom malware and, in some intrusions, ransomware.

APT41, also tracked as BARIUM, Wicked Panda, and Brass Typhoon, is assessed to be associated with the Chinese government and has been active since at least 2012. Its dual espionage and profit motive is what sets it apart from most other state-linked groups.

APT41 was recently reported to be using Google Calendar for malware command-and-control in a campaign staged through a compromised Taiwanese government website. This research examines the delivery methods, technical details, recent activity, and key IOCs so that defenders can identify and prevent similar attacks.
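Abuse of a legitimate SaaS API for C2 means blocking the destination is rarely an option; what defenders can hunt for instead is Calendar API traffic that does not look like a person or a sanctioned client, and that recurs on a machine-regular schedule. The script below is an added example written for this post, not code from Resecurity or from the report it summarizes. It assumes a TLS-inspecting proxy log in a constructed `timestamp host method url status "user-agent"` format, treats `www.googleapis.com/calendar/v3/` as the Calendar API surface, and uses a deliberately simple browser user-agent allow-list; all of those are assumptions to tune for a real environment.

```python
"""Hunt for Google Calendar API traffic that looks like beaconing rather than a user.

Added example for this post (not Resecurity's or the report's own code).
Assumptions: a proxy log with one request per line in the constructed format
    <ISO8601 ts> <src_host> <METHOD> <url> <status> "<user-agent>"
and that the proxy sees decrypted URLs (a forward proxy doing TLS inspection).
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample log lines: one workstation browsing its calendar normally,
# one workstation polling the Calendar API every 60 s with a non-browser client,
# one workstation using a different Google API, and one malformed line.
SAMPLE_LOGS = [
    '2025-05-20T09:00:01Z ws-042 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/125.0"',
    '2025-05-20T09:05:03Z ws-042 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/125.0"',
    '2025-05-20T09:00:07Z ws-117 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200 "python-requests/2.31.0"',
    '2025-05-20T09:01:07Z ws-117 POST https://www.googleapis.com/calendar/v3/calendars/primary/events 200 "python-requests/2.31.0"',
    '2025-05-20T09:02:07Z ws-117 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200 "python-requests/2.31.0"',
    '2025-05-20T09:03:07Z ws-117 GET https://www.googleapis.com/calendar/v3/calendars/primary/events 200 "python-requests/2.31.0"',
    '2025-05-20T09:10:00Z ws-205 GET https://www.googleapis.com/drive/v3/files 200 "python-requests/2.31.0"',
    'this line is not a proxy record',
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
CALENDAR_API_HOST = "www.googleapis.com"
CALENDAR_API_PREFIX = "/calendar/v3/"
# Assumed allow-list: anything that identifies as a mainstream browser is treated
# as a person; extend with sanctioned non-browser clients in a real deployment.
BROWSER_UA = re.compile(r"(Chrome|Firefox|Safari|Edg)/\d")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def is_calendar_api(url):
    """True when the URL targets the Google Calendar REST API."""
    parts = urlsplit(url)
    return parts.netloc == CALENDAR_API_HOST and parts.path.startswith(CALENDAR_API_PREFIX)


def find_suspicious(lines, min_hits=3, max_jitter_s=30):
    """Return {host: summary} for hosts that hit the Calendar API with a
    non-browser user-agent at least min_hits times. The summary records whether
    the inter-request gaps are regular enough (spread <= max_jitter_s) to look
    like a timer-driven beacon rather than a human clicking around."""
    per_host = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_calendar_api(rec["url"]):
            continue
        if BROWSER_UA.search(rec["ua"]):
            continue
        per_host[rec["host"]].append(rec)

    findings = {}
    for host, recs in per_host.items():
        if len(recs) < min_hits:
            continue
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        findings[host] = {
            "hits": len(recs),
            "methods": sorted({r["method"] for r in recs}),
            "user_agents": sorted({r["ua"] for r in recs}),
            "regular_beacon": (max(gaps) - min(gaps)) <= max_jitter_s,
        }
    return findings


if __name__ == "__main__":
    for host, info in find_suspicious(SAMPLE_LOGS).items():
        print(host, info)
```

On the constructed sample only `ws-117` is reported: four non-browser requests exactly 60 s apart, mixing GET and POST, which is the shape of a client that both polls for tasking and writes results back. The browser traffic from `ws-042` and the Drive API call from `ws-205` are ignored, and the malformed line is skipped rather than crashing the run. The obvious false-positive sources are legitimate automation (mail clients, scheduling integrations, backup tools) that also use the Calendar API, so the user-agent allow-list and the jitter threshold are the two knobs to tune before turning this into a detection rule.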

Resecurity is sharing additional technical information and indicators of compromise from APT41 activity to raise awareness among incident responders and cybersecurity professionals combating threats originating from China.

To read the complete article, see: APT 41: Threat Intelligence Report and Malware Analysis


This post is licensed under CC BY 4.0 by the author.