Mandiant Threat Intelligence monitors the Chinese hacker group APT41 and its activities. It is currently targeting US authorities, actively exploiting the Log4j vulnerability and vigorously distributing ransomware.
In addition, Mandiant has gleaned new insights from an ongoing investigation into APT41, the Chinese hacker group conducting cyberespionage on behalf of MSS, China's civilian intelligence agency.
APT41 attacks US authorities and Log4j vulnerability
- At least six US government agencies compromised by exploiting vulnerabilities in internet-based web applications.
- Exploiting the notorious Log4j vulnerability just two days after the Apache Foundation disclosed it.
- Adapting the malware to its victims' environments and frequently updating the encrypted data in a forum post, which gave the malware the key and unlocking instructions from the Command & Control servers.
- The overall goals of APT41's campaign remain unclear. The tenacity with which they gain access to government networks is reflected in the fact that they recompromise previous victims and target multiple agencies in the same state. Whatever they are looking for, it matters. The hacker group can be found everywhere - that's worrying.
Geoff Ackerman, Principal Threat Analyst at Mandiant, summarizes the findings as follows:
“While the ongoing war in Ukraine is rightfully attracting global attention and the potential for Russian cyber threats is real, we must not forget that other major hacking groups around the world are continuing their activities as usual. We must not allow other cyber activities to slip from view, especially when we realize that the campaign of APT41, one of the most active hacking groups out there, continues to this day.
The propensity for web exploits to attack publicly facing web applications and the ability to rapidly change targets based on available attack vectors demonstrate that APT41 continues to pose a significant threat to public and private organizations around the world.”
More at Mandiant.com
About Mandiant Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.