China's APT41 Exploited Citrix, Cisco, ManageEngine Flaws in Global Campaign

A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products, FireEye reported on Wednesday.


APT41 has been active since at least 2012 and has targeted a wide range of organizations worldwide. The group has launched both cyberespionage campaigns and financially motivated attacks, but FireEye told SecurityWeek that it has not been able to determine the end goal or motivation of this latest campaign.


FireEye says the Chinese hackers targeted more than 75 of its customers between January 20 and March 11, in sectors including banking, the defense industrial base, construction, government, technology, healthcare, higher education, manufacturing, legal, media, oil and gas, non-profit, pharmaceutical, petrochemical, real estate, transportation, travel, utilities and telecommunications.


Targeted entities were located in the US, Canada, Switzerland, Philippines, Australia, UK, UAE, Finland, France, Malaysia, Denmark, Mexico, Qatar, Saudi Arabia, Sweden, Japan and Poland.


“It’s unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature,” FireEye said.


The threat group first exploited CVE-2019-19781, a vulnerability affecting Citrix ADC and Gateway products. The flaw was disclosed in December — before patches were released — and the first attacks exploiting the weakness were spotted in January.


According to FireEye, APT41 started exploiting the vulnerability on January 20. The attackers apparently took a break ..