Security is Everyone's Job
APT41 is a threat group that researchers have assessed to be a Chinese state-sponsored espionage group that also conducts financially-motivated operations
Active since at least 2012, APT41 has been observed targeting the healthcare, telecom, technology, and video game industries in 14 countries
2012: APT41 was first observed by researchers as a Chinese state-sponsored espionage group that also conducts financially-motivated operations
2014: APT41 began to engage in personal gain activities, such as stealing virtual currency and selling game accounts, in addition to its espionage operations
2015: APT41 compromised a software company and injected malicious code into one of its products, which was then distributed to hundreds of organizations
2016: APT41 conducted a supply chain attack against a popular web browser in Asia, infecting millions of users with a backdoor
2017: APT41 exploited a zero-day vulnerability in Apache Struts to compromise several organizations, including a telecom company and a credit bureau
2018: APT41 targeted a hotel reservation system ahead of Chinese officials staying there, suggesting the group was tasked to reconnoiter the facility for security reasons
2019: APT41 was indicted by a federal grand jury in Washington, D.C. for computer intrusions affecting 100 companies globally
2020: APT41 members were indicted again by the U.S. Department of Justice for allegedly compromising more than 100 companies around the world
2021: APT41 conducted four different malicious campaigns, targeting political groups, military organizations, airlines, and other sectors in 13 countries
2022: APT41 exploited the Log4j vulnerability to compromise at least two U.S. state governments, as well as its more traditional targets in the insurance and telecommunications industries
APT41 uses various attack methods, such as spearphishing, malware, supply chain attacks, web shells, and exploitation of public-facing applications
It also uses data obfuscation, proxies, and web services to evade detection and exfiltrate data
APT41 overlaps at least partially with public reporting on groups including BARIUM and Winnti Group
It also has other aliases such as Wicked Panda, Wicked Spider, TG-2633, Bronze Atlas, Red Kelpie, Blackfly, and Double Dragon