Advanced persistent threat (APT) group known as APT41, Bronze Atlas, Barium, Double Dragon, and Wicked Panda, has been observed targeting at least 13 organizations spanning several countries during the 2021 calendar year. According to new information from Group-IB, the Chinese threat actor targeted organizations in Taiwan, the US, India, Vietnam, and China. The campaigns have been split up into four distinct parts. Group-IB released a report stating that this marks the first time that researchers were able to identify the group’s 2021 working hours. According to Group-IB, the threat actor operates during times similar to regular office business hours.
Group-IB stated that the majority of the attacks were identified as primarily relying on SQL injections on targeted domains. In addition, the group launched several attacks that included custom Cobalt Strike tools. The Cobalt Strike beacons were often split and delivered in smaller pieces of code so as to avoid detection. Group-IB also stated that organizations in the public sector, manufacturing, healthcare, logistics, hospitality, aviation, and education were most likely to be attacked in the previously observed campaigns.
Read More: China-backed APT41 Group Hacked at Least 13 Victims in 2021
