Chinese Antivirus Vendor Tied to Part of a Decade-Long Hacking Spree



cyber attack chinese antivirus vendorMembers of the hacking group “Apt41” were charged by the U.S. Department of Justice for hacking more than 100 victims globally with one of its members running AV vendor Anvisoft.

We all naturally assume that our antivirus vendors are the good guys. But this news of members of APT41 being indicted, according to a news release from the U.S. DoJ, highlights that if you’re looking at using a vendor that is not one of the major established players, you might be playing with fire.

The attacks included “supply chain attacks” where legitimate software providers were compromised and their code modified to facilitate further intrusions against the software providers’ customers.

One of the members charged, Tan DaiLin, was the subject of a 2012 KrebsOnSecurity investigation about his ties to whitelisted AV vendor Anvisoft. Despite this being brought to light, DaiLin and his cohorts continued for 7 years until being initial charged in August of 2019 and then again in 2020.

The Department of Justice release makes no mention of specific involvement of the AV software, but given APT41’s use of supply chain attacks, it makes sense that they would put the same code into Anvisoft’s product to facilitate access to customer networks.

Scary stuff.

The bottom line here is:

  1. Stick with known AV players and not a “free download” from the web. You’ll end up paying for it dearly if you do
  2. Same goes for point solutions from less-than-well-known vendors. APT41 compromised plenty of smaller software titles to gain their access.
  3. The bad guys are working tirelessly to gain access to and control over your network. Have a layered security strategy in place to detect abnormally-behaving software on your endpoints.
  4. As always, consider the use of Security Awareness Training as a means of stopping phishing attacks intent on infecting or encrypting your network.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo

Subscribe To Our Blog


New call-to-action




Get the latest about social engineering

Subscribe to CyberheistNews