Chinese threat group APT41 launches “broadest campaign in years” – NS Tech

US security researchers have uncovered what they say is one of the broadest Chinese cyber campaigns in years. First observed in late January, the campaign has been launched by a threat group called APT41 that allegedly conducts cyber espionage on behalf of the Chinese government.

According to FireEye, the US security firm that has tracked the activity, Chinese campaigns have largely been narrowing in focus over the last few years. However, APT41’s latest spree of attacks bucks this trend, targeting FireEye clients across 20 sectors and as many countries.


The attacks, which have sought to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho’s ManageEngine Desktop Central software, focused on targets in the UK, US, France, Japan, Saudi Arabia, Singapore, Sweden and the UAE, among other countries.

Affected industries included government, healthcare, technology, higher education, banking, media, telecoms and travel, among others, according to data gathered on the 75 FireEye customers that were targeted.

“It’s unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature,” FireEye’s researchers said in a blog.

The campaign was observed between 20 January and 11 March but appeared to pause from 2 to 19 February. “China initiated COVID-19 related quarantines in cities in Hubei province starting on January 23 and January 24, and rolled out quarantines to additional provinces starting between February 2 and February 10,” FireEye noted.

“While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways, which we were unable to observe with FireEye telemetry.”

In 2016, then US president Barack Obama signed an agreement with his Chinese counterpart, Xi Jinping, in an attempt to bring an end to state-sponsored theft of intellectual property. In the weeks following the agreement, Chinese commercial hacks fell by around 90 per cent. But as US relations with China have deteriorated in the years since, attacks have increased once again.