APT41 Has Arisen From the DUST

Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore


 

<

div class=”block-paragraph_advanced”>

Executive Summary

  • In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the advanced persistent threat group APT41 targeting and successfully compromising multiple organizations operating within the global shipping and logistics, media and entertainment, technology, and automotive sectors. The majority of organizations were operating in Italy, Spain, Taiwan, Thailand, Turkey, and the United Kingdom.
  • APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims’ networks since 2023, enabling them to extract sensitive data over an extended period. 
  • APT41 used a combination of ANTSWORD and BLUEBEAM web shells for the execution of DUSTPAN to execute BEACON backdoor for command-and-control communication. Later in the intrusion, APT41 leveraged DUSTTRAP, which would lead to hands-on keyboard activity. APT41 used publicly available tools SQLULDR2 for copying data from databases and PINEGROVE to exfiltrate data to Microsoft OneDrive.

Overview

Recently, Mandiant became aware of an APT41 intrusion where the malicious actor deployed a combination of ANTSWORD and BL

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Threat Intelligence

Read the original article: