Chinese cybercriminal syndicate redoubles espionage efforts

APT41 targeted 75 organizations from a number of different industries in its latest hacking campaign


The US cybersecurity firm FireEye has detected a surge in online espionage carried out by the Chinese hacking group APT41.

The spike in activity from APT41 began at the end of January and lasted until mid-March, during which time the group targeted 75 organizations from a number of different industries including telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing and transportation. The group also targeted nonprofit, legal, real estate, travel, education and media organizations.

In their report on APT41’s recent activities, FireEye researchers Christopher Glyer, Dan Perez, Sarah Jones and Steve Miller explained that the group is likely responsible for launching one of the most widespread online espionage campaigns they’ve ever seen, saying:

“This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years. While APT41 has previously conducted activity with an extensive initial entry … this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41.”

Leveraging recently disclosed vulnerabilities


APT41 used known vulnerabilities in Citrix’s Application Delivery Controller (ADC), Cisco’s routers and Zoho’s ManageEngine Desktop Central to launch their attacks on targeted organizations.

The Citrix vulnerability was made public a month before the group’s campaign began, while a zero-day remote code execution vulnerability in Zoho’s ManageEngine Desktop Central was disclosed just three days before the group leveraged the security flaw. Although FireEye does not have a copy of the malware used against Cisco’s routers, the company believes that APT41 designed its own custom malware to launch attacks against them.

FireEye first gave a name to the Chinese hacking group last year but APT41 has been conducting state-sponsored espionage for some time now.


In a statement to CyberScoop, FireEye explained that the motive behind APT41’s latest campaign is unknown, but that there are multiple possible explanations as to why it launched cyberattacks on 75 organizations across a variety of industries, saying:

“Based on our current visibility it is hard to ascribe a motive or intent to the activity by APT41. There are multiple possible explanations for the increase in activity including the trade war between the United States and China as well as the COVID-19 pandemic driving China to want intelligence on a variety of subjects including trade, travel, communications, manufacturing, research and international relations.”

Via CyberScoop

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
