APT 41: Threat Intelligence Report and Malware Analysis
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
APT41, a sophisticated Chinese state-sponsored threat actor, blends cyber espionage with cybercrime tactics. It targets a range of sectors worldwide, including healthcare, telecommunications, and government entities. Recently, APT41 was observed using Google Calendar for malware command-and-control in activity involving a Taiwanese government website. The attack chain consists of spear-phishing emails, malicious ZIP archives, and a three-module malware system called ToughProgress. The malware relies on stealthy techniques such as in-memory execution, encryption, and process hollowing to evade detection. What sets ToughProgress apart is its use of Google Calendar events for covert data exchange: the attacker and the implant read and write calendar events, producing a low-profile channel for remote command execution and data exfiltration that blends in with legitimate traffic to a trusted cloud service.
OPENCTI LABELS:
china, spear-phishing, cyberespionage, state-sponsored, google calendar, plusdrop, plusinject