Vendor News

APT41 World Tour 2021 on a tight schedule

22 August 2022

In March 2022 one of the oldest state-sponsored hacker groups, APT41, breached government networks in six US states, including by exploiting a vulnerability in a livestock management system, Mandiant investigators have reported. Throughout 2021, we closely watched APT41’s activity using our system called Group-IB Threat Intelligence, which is continuously enriched with indicators of compromise (IOCs) and new rules for hunting hacker groups and threat actors.

Our efforts have resulted in about 80 proactive notifications to private and government organizations worldwide regarding APT41 attacks (both in progress and completed) against their infrastructures so that the organizations could take the necessary steps to protect themselves or search for traces of compromise in their networks. The data about the tactics, techniques and procedures (TTPs) used by the attackers that we collected helped us attribute the group’s other attacks. Using this data, we identified the threat actors’ “work” schedule, which makes it possible to describe their origin in more detail. In this blog post, we share our findings and describe the main methods, tactics and tools used by one of the most dangerous threat groups out there, APT41, in 2021.