A sophisticated threat group is going after a variety of industries using spearphishing and an arsenal of malware, according to Nalani Fraser and Fred Plan from FireEye. Fraser and Plan recently joined the CyberWire’s Research Saturday podcast to discuss the activities of APT41, a suspected Chinese hacking crew with an interesting attack pattern.
APT41 is different from other state-sponsored espionage groups in that many of its activities are financially motivated, and it appears to work concurrently as a contractor for the Chinese government. Plan told the CyberWire that the hackers tailor their methodology and toolset based on the organization they’re targeting.
“But what's interesting is they don't really dig deep into their bucket of tools, you know, they don't really go deep into their arsenal unless they have to,” Plan said. “And so the demonstrated range of sophistication is highly variable from one victim to the next. And I think that's been really interesting about it. So, like, you know, at one organization, for example, they'll just use a simple spearphish, and then they'll get in and they'll just use publicly available tools, and then that's good enough to achieve what they want.”
Fraser and Plan explained that APT41 seems to target the video game industry for financial gain, while the group’s intelligence gathering campaigns shift between healthcare, high-tech, and other industries, which the researchers say is consistent with contracting work. Fraser added that the group often uses targeted phishing attacks to initially compromise an organization’s networks.
“Despite their sophistication – we know they're a very sophisticated group, they have a ton of malware in their toolset – their initial infection vector into a lot of victims is spearphishing,” Fraser said. “And so if you can do that security training upfront with all of your users to make sure that they're identifying potential spearphishing and reporting it, then you can potentially get ahead of the actual infection, or at least stopping it early in their tracks. Because we know that once they get into the environment, they're very quickly moving.”
Phishing is usually the weapon of choice in both criminal and state-sponsored cyberattacks. New-school security awareness training can enable your employees to spot these attacks before attackers gain access to your networks.
The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-rs-2019-10-05.html