FireEye has identified a new advanced persistent threat (APT) group, dubbed APT41.
As the firm explained in a blog post, APT41 is “a prolific Chinese cyber-threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations.”
The group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors across various jurisdictions, FireEye continued. Its operations against higher education, travel services and news/media firms give some indication that the group also tracks individuals and conducts surveillance. The group’s financially motivated activity has primarily focused on the video game industry, according to FireEye.
FireEye researchers wrote: “APT41 leverages an arsenal of over 46 different malware families and tools to accomplish their missions, including publicly available utilities, malware shared with other Chinese espionage operations, and tools unique to the group. The group often relies on spear-phishing emails with attachments such as compiled HTML (.chm) files to initially compromise their victims. Once in a victim organization, APT41 can leverage more sophisticated TTPs and deploy additional malware.”
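The initial-access vector FireEye describes above, spear-phishing with compiled HTML Help (.chm) attachments, is one that mail gateways often filter only by file extension. The following is an added illustration, not code from FireEye or from the article, of checking attachments by content as well: CHM files use the ITSS container format, whose header begins with the ASCII magic "ITSF", so a renamed CHM can still be recognised. The sample message and its attachments are constructed here for the demonstration (the "CHM" payloads are only a header stub, not real files), and the function and field names are this example's own.

```python
import email
from email import policy
from email.message import EmailMessage

# CHM (Microsoft Compiled HTML Help) files use the ITSS container format,
# whose header starts with the ASCII magic "ITSF".
CHM_MAGIC = b"ITSF"
CHM_EXTENSIONS = {".chm"}


def is_chm(data: bytes) -> bool:
    """Return True if the payload carries the CHM/ITSS magic header."""
    return data[:4] == CHM_MAGIC


def flag_chm_attachments(raw_message: bytes) -> list[dict]:
    """Scan a raw RFC 822 message and return one finding per attachment that
    looks like a CHM file, whether identified by extension, by magic bytes,
    or both. Hypothetical helper written for this example."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext_hit = any(name.lower().endswith(ext) for ext in CHM_EXTENSIONS)
        magic_hit = is_chm(payload)
        if ext_hit or magic_hit:
            findings.append({
                "filename": name,
                "content_type": part.get_content_type(),
                "by_extension": ext_hit,
                "by_magic": magic_hit,
                # A CHM carrying a different extension is the more suspicious
                # case: the name was chosen to slip past extension filters.
                "extension_mismatch": magic_hit and not ext_hit,
            })
    return findings


def build_sample_message() -> bytes:
    """Constructed sample message (not real malware): one .chm attachment,
    one CHM renamed to .pdf, and one benign text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Product guide"
    msg.set_content("Please see the attached help file.")
    # Minimal ITSS-style header stub: magic, version field, zero padding.
    fake_chm = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 56
    msg.add_attachment(fake_chm, maintype="application",
                       subtype="octet-stream", filename="guide.chm")
    msg.add_attachment(fake_chm, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment("Nothing to see here.\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in flag_chm_attachments(build_sample_message()):
        print(finding)
```

Run as a script it prints two findings: `guide.chm` (matched by extension and magic) and `invoice.pdf` (matched by magic only, so `extension_mismatch` is set); `notes.txt` is not reported. In a real pipeline the same check would sit alongside, not replace, a block on `.chm` by extension, since the magic test is what catches the renamed file.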
Sandra Joyce, SVP of global threat intelligence at FireEye, said: “APT41 is unique among the China-nexus actors we track in that it uses tools typically reserved for espionage campaigns in what appears to be activity for personal gain. They are as agile as they are skilled and well resourced. Their aggressive and persistent operations for both espionage and cybercrime purposes distinguish APT41 from other adversaries and make them a major threat across multiple industries.”