February 26, 2021

TerabitWeb Blog


APT41 activity down during China COVID-19 quarantines; massive campaign undeterred


Original Post from SC Magazine
Author: Doug Olenick

COVID-19 spreading through parts of China did not entirely deter APT41 from carrying out one of the largest campaigns ever conducted by a Chinese cyberespionage group.

The attacks were not directly tied to the coronavirus outbreak, nor did the attackers attempt to leverage the virus in any way, but FireEye noted the group’s activity did decrease at two points during the campaign as China began to lock down regions to contain the illness.

“We did not observe APT41 activity at FireEye customers between February 2 and February 19, 2020. China initiated COVID-19 related quarantines in cities in Hubei province starting on January 23 and January 24, and rolled out quarantines to additional provinces starting between February 2 and February 10. While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways, which we were unable to observe with FireEye telemetry,” the report stated.

Overall, between January 20 and March 11, FireEye tracked the gang attempting to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central at more than 75 FireEye customers in 20 different countries, including the United States, UK and Japan. APT41 cast its net quite wide, attempting to obtain information from companies in the banking, construction, defense, news and manufacturing sectors.

FireEye has detailed the exact vulnerabilities APT41 attempted to leverage.

Against Citrix Application Delivery Controller (ADC) and Citrix Gateway devices, the group attempted to exploit CVE-2019-19781, which was first disclosed in December 2019. A software update was issued, but FireEye noted these attacks were specifically conducted against Citrix devices, indicating the malicious actors knew ahead of time which devices to attack.


The post APT41 activity down during China COVID-19 quarantines; massive campaign undeterred appeared first on SC Media.
