Threat Intelligence, Malware

Asia, Europe targeted by new APT41 attacks


Technology, logistics, shipping, and automotive organizations across Asia and Europe, particularly in Taiwan, Thailand, Turkey, Italy, Spain, and the UK, have been hit by malware attacks from the Chinese state-sponsored threat group APT41 since last year, and the group has recently expanded its intrusions to similar entities in Singapore, reports SecurityWeek.

APT41, also known as Wicked Panda, Barium, and Winnti, used web shells planted on Apache Tomcat Manager servers to execute droppers and deliver backdoors, then deployed the DUSTTRAP multi-stage plugin framework to conceal its activity, according to a report from Mandiant. The attacks also involved a command-line utility used to exfiltrate data from Oracle databases. "The decrypted payload was designed to establish communication channels with either APT41-controlled infrastructure for command and control or, in some instances, with a compromised Google Workspace account, further blending its malicious activities with legitimate traffic," said researchers. These techniques mark an evolution from the group's earlier use of UEFI firmware implants, software supply chain breaches, and stolen digital certificates.
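The Tomcat Manager web shell stage described above can be spotted in access logs: a successful upload or deploy through the Manager application, followed by requests to a JSP path that was never served before. The following Python detector is an added example, not code from SecurityWeek, Mandiant, or the reported campaign; the log lines are constructed and the endpoint list is an assumption based on Tomcat's standard Manager paths.

```python
import re

# Constructed Tomcat access log lines (common log format); not from any real incident.
SAMPLE_LOG = """\
10.0.0.9 - - [12/Jul/2024:09:58:10 +0000] "GET /app/index.jsp HTTP/1.1" 200 4021
10.0.0.5 - admin [12/Jul/2024:10:01:02 +0000] "GET /manager/html HTTP/1.1" 200 1543
10.0.0.5 - admin [12/Jul/2024:10:01:40 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=ABC HTTP/1.1" 200 2312
10.0.0.5 - - [12/Jul/2024:10:02:15 +0000] "GET /updates/x.jsp HTTP/1.1" 200 87
10.0.0.9 - - [12/Jul/2024:10:05:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 4021
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed Manager endpoints that accept a WAR deployment (HTML upload, text and legacy interfaces).
DEPLOY_PATHS = ("/manager/html/upload", "/manager/text/deploy", "/manager/deploy")


def parse(line):
    """Return the parsed fields of one access log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_webshell_deploys(log_text):
    """Flag successful Manager deploys that are followed by hits on previously unseen JSP paths."""
    seen_jsp = set()   # JSP paths already served before the deploy (the baseline)
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]   # drop the query string (e.g. the CSRF nonce)
        if rec["method"] == "POST" and path.startswith(DEPLOY_PATHS) and rec["status"] == "200":
            findings.append({"deployer": rec["ip"], "user": rec["user"], "at": rec["ts"], "new_jsp": []})
        elif path.endswith(".jsp") and not path.startswith("/manager/"):
            if path in seen_jsp:
                continue            # known application page, not interesting
            seen_jsp.add(path)
            if findings:            # first-ever hit on a JSP after a deploy: attach to the latest deploy
                findings[-1]["new_jsp"].append((rec["ip"], path))
    return [f for f in findings if f["new_jsp"]]


if __name__ == "__main__":
    for f in find_webshell_deploys(SAMPLE_LOG):
        print(f"deploy by {f['deployer']} ({f['user']}) at {f['at']} -> new JSP hits: {f['new_jsp']}")
```

On the sample log, the baseline hit on /app/index.jsp is ignored while /updates/x.jsp, first requested right after the Manager upload, is reported together with the deploying IP and user.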
