
SOC files: an APT41 attack on government IT services in Africa

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

Chinese cyberespionage group APT41 conducted a targeted attack against government IT services in Africa. The attackers used Impacket, Cobalt Strike and custom malware for lateral movement, privilege escalation and data exfiltration, loaded payloads through DLL sideloading, and repurposed a compromised internal SharePoint server as their command-and-control (C2) server. The intrusion involved credential harvesting (Mimikatz appears among the tooling in the labels below), web shells, and custom stealers that collected sensitive data. Notable TTPs included malware with hardcoded internal service names and proxy servers, and the use of a captive SharePoint server for C2 communication, so that C2 traffic stayed inside the victim's own infrastructure rather than crossing the perimeter. The incident highlights the need for comprehensive infrastructure monitoring, including internal servers, and for proper access controls.

OPENCTI LABELS :

cobalt strike,data exfiltration,mimikatz,targeted attack,government,web shell,dll sideloading,credential harvesting,africa,sharepoint,checkout,pillager



