APT41

APT41 is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially motivated operations. Active since at least 2012, APT41 has been observed targeting the healthcare, telecom, technology, and video game industries in 14 countries. APT41 overlaps at least partially with public reporting on groups including BARIUM and Winnti Group.

This Cyber News was published on attack.mitre.org. Publication date: Thu, 07 Dec 2023 22:12:07 +0000


Cyber News related to APT41

APT41 Hackers Leveraging Atexec and WmiExec Windows Modules to Deploy Malware - In a recently documented incident, the threat actors demonstrated their evolving tactics by leveraging the Atexec and WmiExec modules from the Impacket penetration testing toolkit to establish persistence and conduct lateral movement within ...
2 weeks ago Cybersecuritynews.com APT41
APT41 - APT41 is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially motivated operations. Active since at least 2012, APT41 has been observed targeting healthcare, telecom, technology, and ...
1 year ago Attack.mitre.org APT41 Winnti Group
Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks - Following this assessment, SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this since they have determined that the adversary's Lua-based malware, LuaDream, and the KEYPLUG have both been found to cohabit in the ...
1 year ago Cysecurity.news APT41
Earth Lusca - Earth Lusca is a suspected China-based cyber espionage group that has been active since at least April 2019. Earth Lusca has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the ...
1 year ago Attack.mitre.org APT41 Earth Lusca Winnti Group
Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs - Common malware has led a group of researchers to link the once mysterious Sandman threat group, known for cyberattacks against telecom service providers across the world, to a growing web of Chinese government-backed advanced persistent threat ...
1 year ago Darkreading.com APT41
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - Exploitation of zero-day vulnerabilities or watering hole attacks (compromising websites frequented by the target). Establishing a Foothold: attackers deploy malware to create backdoors or tunnels for undetected movement within the ...
5 months ago Cybersecuritynews.com APT41
Weekly Cybersecurity Recap: SharePoint 0-day, VMware Exploitation, Threats and Cyber Attacks - Tracked as CVE-2025-12345, this flaw allows remote code execution (RCE) without authentication, potentially enabling attackers to compromise sensitive data or deploy malware on affected servers. The U.S. Cybersecurity and Infrastructure Security ...
1 week ago Cybersecuritynews.com CVE-2025-12345 APT41
Sandman Cyberespionage Group Linked to China - The recently outed advanced persistent threat actor Sandman appears linked to China, SentinelOne, Microsoft, and PwC say in a joint report. The hacking group was brought into the spotlight at the LABScon security conference, standing out because of ...
1 year ago Securityweek.com APT41
'ChamelGang' APT Disguises Espionage Activities With Ransomware - A likely China-backed advanced persistent threat group has been systematically using ransomware to disguise its relatively prolific cyber-espionage operations for the past three years, at least. The threat actor, who researchers at SentinelOne are ...
1 year ago Darkreading.com APT41
Winnti Hackers Attacking Japanese Organizations With New Malware - The China-based Winnti Group has targeted Japanese organizations in a recent cyberattack campaign known as “RevivalStone,” in the manufacturing, materials, and energy sectors. With the increasing sophistication of such threats, ...
5 months ago Cybersecuritynews.com APT41 Winnti Group
Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN - Security experts recommend immediate patching of all Fortinet devices, monitoring for WebSocket handshake requests to suspicious endpoints, and reviewing historical logs for signs of exploitation attempts using these now-exposed techniques. The ...
3 months ago Cybersecuritynews.com CVE-2024-23108 APT41
RedGolf Hackers Expose Fortinet Exploits & Tools Used to Hack Organizations - Security experts recommend that organizations using Fortinet products immediately update to the latest firmware versions and monitor for suspicious access patterns to CLI endpoints, particularly those involving WebSocket connections or forwarded headers ...
3 months ago Cybersecuritynews.com APT41
New T1555.003 Technique Lets Attackers Steal Passwords From Web Browsers - Security tools can generate Event ID 4663 logs when unauthorized processes attempt to access browser files like Local State or Login Data. According to recent research, web browsers typically store these credentials in an encrypted format within a ...
3 months ago Cybersecuritynews.com APT33 APT37 APT41 Ajax Security Team APT3
APT Hackers Attacking Maritime and Shipping Industry to Launch Ransomware Attacks - The Turla/Tomiris group has particularly refined this approach, utilizing infected USB drives containing industrial espionage tools that eventually deploy ransomware across entire fleet management networks, effectively holding maritime operations ...
1 week ago Cybersecuritynews.com Mustang Panda CVE-2022-22707 APT41 Turla