APT41
G00961 reportsAnalyst assessment — key judgments
- Signature techniques: T1590.005 (IP Addresses), T1059.007 (JavaScript), T1087.003 (Email Account).
- Primary targeting: CN, HK, US.
- Currently dormant: 0 report(s) in last 30d vs 0 prior (+0%).
- Hunt coverage 50% of 4 observed techniques (2 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Movement — last 30 days
Overview
APT41 is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, APT41 has been observed targeting various industries, including but not limited to healthcare, telecom, technology, finance, education, retail and video game industries in 14 countries.(Citation: apt41_mandiant) Notable behaviors include using a wide range of malware and tools to complete mission objectives. APT41 overlaps at least partially with public reporting on groups including BARIUM and Winnti Group.(Citation: FireEye APT41 Aug 2019)(Citation: Group IB APT 41 June 2021)
ATT&CK technique matrix
- T1590.005 · IP Addressesconf 601
- T1059.007 · JavaScriptconf 601
- T1087.003 · Email Accountconf 601
- T1589.001 · Credentialsconf 601
Threat catalogue · engineering roadmap
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
Relationships
Activity
| Title | Source | Severity | Collected |
|---|