ThreatMon Blog
13 Organizations Targeted by Chinese-Linked APT41 and a New Wave of Cobalt Strike Infections


by ibrahim mestav
September 7, 2023
in Security News

APT41, one of the state-sponsored hacking groups, breached government networks in six US states in March 2022, in one case by exploiting a vulnerability in a livestock management system, according to Mandiant researchers.

Cybersecurity firm Group-IB's investigations led to nearly 80 proactive notifications to private and government organizations worldwide about APT41 attacks against their infrastructure.

The group’s targets include government and private organizations based in the United States, Taiwan, India, Thailand, China, Hong Kong, Mongolia, Indonesia, Vietnam, Bangladesh, Ireland, Brunei and the United Kingdom.

According to the analysis, the sectors targeted by APT41 in the campaigns are the government sector, manufacturing, health, logistics, accommodation, finance, education, telecommunications, consultancy, sports, media and travel.


Attackers use tools such as Acunetix, Nmap, Sqlmap, OneForAll, subdomain3, subDomainsBrute, and Sublist3r for discovery.

During its initial-access phase, APT41 used various techniques such as spear-phishing emails, exploitation of various vulnerabilities (including ProxyLogon), and watering-hole and supply chain attacks.

In some cases the threat actors used SQL injection; these attacks were carried out with the publicly available sqlmap tool.

APT41 members gained access to a target server's command shell and were able to execute certain commands. The group also used the same tool to upload files to the target server; at this stage the files were either Cobalt Strike Beacons or custom web shells.
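The recon tooling, sqlmap-driven SQL injection and web shell uploads described above all leave traces in ordinary web server access logs. The following detector is an added example written for this post, not code from Group-IB or ThreatMon; the log lines, patterns and heuristics (scanner user-agents, common injection fragments, scripts under an upload directory) are this example's own assumptions.

```python
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" log format; the field names are this example's own.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Tools the post names for discovery/exploitation announce themselves by default.
SCANNER_UA = re.compile(r"sqlmap|acunetix|nmap", re.I)
# Boolean-, union- and time-based injection fragments typical of automated SQLi probes.
SQLI_RE = re.compile(r"\bunion\b.{0,20}\bselect\b|'\s*(and|or)\b|\bsleep\(|\bbenchmark\(|\b1=1\b", re.I)
# Heuristic: a server-side script inside an upload directory is a classic web shell drop point.
SHELL_PATH_RE = re.compile(r"/upload[^?]*\.(php|aspx?|jspx?)$", re.I)


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(log_text):
    """Scan access-log text and return (ip, reason, decoded_path) findings."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = unquote_plus(rec["path"])  # undo %27 / %20 / %3D style encoding first
        if SCANNER_UA.search(rec["ua"]):
            findings.append((rec["ip"], "scanner user-agent", path))
        if SQLI_RE.search(path):
            findings.append((rec["ip"], "sql-injection pattern", path))
        if SHELL_PATH_RE.search(path.split("?")[0]):
            findings.append((rec["ip"], "possible web shell request", path))
    return findings


# Constructed sample lines for demonstration; not taken from the incident.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Sep/2023:10:01:02 +0000] "GET /products.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Sep/2023:10:01:03 +0000] "GET /products.php?id=1%27%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.7.8#stable (https://sqlmap.org)"
203.0.113.9 - - [07/Sep/2023:10:02:10 +0000] "GET /login.php HTTP/1.1" 200 812 "-" "Mozilla/5.0 (compatible; Acunetix)"
198.51.100.7 - - [07/Sep/2023:10:05:44 +0000] "POST /uploads/cmd.aspx HTTP/1.1" 200 44 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Sep/2023:10:05:50 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, reason, path in detect(SAMPLE_LOG):
        print(f"{ip:15} {reason:28} {path}")
```

Attackers can change user-agents and encode payloads differently, so the user-agent rule is the weakest of the three; the decoded-path and upload-directory checks are the ones worth keeping in a production rule set.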


The group usually dedicates certain servers to hosting the Cobalt Strike framework and uses others only for active scanning with Acunetix.

By the end of 2021, the number of Cobalt Strike servers used exclusively for command and control had reached 106, according to Group-IB Threat Intelligence data; however, many of them are no longer active.

The cybersecurity firm noted that while Cobalt Strike was favored in the past by cybercriminal gangs targeting banks, it is now popular with a wide range of threat actors, including notorious ransomware operators.

References:

https://blog.group-ib.com/apt41-world-tour-2021
