Understanding Attacks Linked to China Backed APT-41

To know more about it, you can go through my detailed document by clicking here

Overview

APT-41, also known as the Double Dragon hacking group, is a Chinese state-sponsored espionage group that has been active since 2012. According to the cybersecurity company FireEye, it generally targets the healthcare, telecom, technology, and video game industries in the USA and Europe. The name "Double Dragon" refers to the fact that, besides engaging in espionage, the group also pursues individual financial gain.

Espionage Activity

Like other Chinese cyber threat groups, APT-41 acts in line with China's strategic goals in technology. The pattern of its attacks indicates that it specifically targets information about major political and financial events.

For example, the June 2016 compromise of the German company TeamViewer AG's software, which allows remote control of systems, exposed business information and management details of TeamViewer users to the threat group.

Financial Activity

To obtain financial gain, APT-41 compromised the video-game industry and generated virtual game currency to sell on underground markets and through laundering schemes. The group has also launched attacks against the South Korean gaming industry and the illegal gambling industry in China.

Techniques Used

Because APT-41 does not use the traditional backdoor practices of other advanced persistent threats, it is very difficult to detect. Its breaching techniques include software supply-chain compromises, sophisticated malware such as bootkits, spear-phishing emails, and more.

Conclusion

Because these attacks are highly advanced and difficult to detect, public Indicators of Compromise (IoCs) and any other available open-source intelligence must be used. Even the best detection capability can fail if a threat is not addressed by a security analyst at an early stage, which can happen either because of a large number of alerts or because of the higher skills barrier for triage and investigation.