APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
APT41 is a China-linked threat group associated with cyberespionage, financial crime, and attacks on organizations across multiple sectors.
Search across headline titles and summaries.
Background for this topic.
APT41 is a Chinese cyber threat group known for combining state-sponsored espionage with financially motivated cybercrime. It targets industries such as healthcare, telecommunications, and technology by exploiting software vulnerabilities and deploying custom malware to maintain long-term access. The group’s operations often involve stealing intellectual property and conducting supply chain compromises.
Security teams should prioritize patching known vulnerabilities exploited by APT41 and monitor for signs of credential theft and lateral movement within networks. Because the group blends legitimate administrative tools with malicious activity, detecting their presence requires careful analysis of unusual access patterns and behavior anomalies. Understanding APT41’s tactics helps defenders anticipate multi-faceted attacks that mix espionage objectives with profit-driven intrusions.
Weekly headline count for the current query.
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyber espionage activities.
Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out.
APT41, a Chinese state-sponsored threat actor also known as "Double Dragon," used Google Calendar as command-and-control infrastructure during a campaign last fall.
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
A threat actor resembling APT41 performed "AppDomainManager Injection," which is like DLL sideloading, but arguably easier and stealthier.
Earth Baku, yet another subgroup of the highly active and increasingly sophisticated collective, is moving into EMEA with new malware and living-off-the-land (LOL) tactics.
The state-sponsored Chinese threat actor gained access to three systems and stole at least some research data around computing and related technologies.
According to Mandiant, among the many cyber espionage tools the threat actor is using is a sophisticated new dropper called DustTrap.
Nation-states see the opportunity in targeting people directly through their mobile phones, in this case with sophisticated Android surveillanceware.
The notorious Chinese APT is spreading cyber maliciousness around Southeast Asia, and its next targets are already in sight.
China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.
The state-sponsored threat actor has switched up its tactics, also adding an automated SQL-injection tool to its bag of tricks for initial access.
The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.