China-Based Threat Group Launches Widespread Malicious Campaign

The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.

APT41, a prolific advanced persistent threat group believed to be working on behalf of the Chinese government, has sharply ramped up its activities in recent months after a relative lull.


Researchers from FireEye who have been tracking the activity said APT41 attacked as many as 75 of its customers between January 20 and March 11 alone.


The targeted organizations are scattered across 20 countries, including the US, UK, Canada, Australia, France, Japan, and India. Organizations from nearly 20 sectors have been impacted, including those in the government, defense, banking, healthcare, pharmaceutical, and telecommunication sectors.


Though only a handful of the attacks resulted in an actual security compromise, FireEye described APT41's activity as one of the broadest malicious campaigns by a Chinese threat actor in recent years.


Chris Glyer, chief security architect at FireEye, says the reason for APT41's sudden burst of activity is unclear. Based on FireEye's current visibility, the attacks appear to be targeted, but it is hard to ascribe a specific motive or intent behind APT41's behavior, he says.


But likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic. It is possible that these events are driving China on a quest for intelligence on a variety of topics, including trade, travel, communications, manufacturing, research, and international relations.


"The most likely explanation for the broad targeting set is to enable both current as well as future potential collection requirements that would enable APT41 to complete their mission objectives quickly," ..
