APT41: A well-known Chinese cyberespionage group with a history of targeting various sectors globally. They are known for their sophisticated techniques and possible state backing.
KeyPlug: A modular backdoor malware allegedly used by APT41. It is written in C++ and functions on both Windows and Linux machines.
Brief overview
Cybersecurity experts at Yorai have discovered the threat. APT41 is a cyber threat group from China that is well-known for its extensive cyber espionage and cybercrime campaigns. It is also known by many aliases, including Amoeba, BARIUM, BRONZE ATLAS, BRONZE EXPORT, Blackfly, Brass Typhoon, Earth Baku, G0044, G0096, Grayfly, HOODOO, LEAD, Red Kelpie, TA415, WICKED PANDA, and WICKED SPIDER.
APT41 aims to steal confidential information, compromise systems for financial or strategic advantage, and target a wide range of industries, including government, manufacturing, technology, media, education, and gaming.
Technical Analysis
The backdoor has been developed to target both Windows and Linux operating systems and uses different communication protocols depending on the configuration of the malware sample itself.
The use of malware, phishing, supply chain attacks, and the exploitation of zero-day software vulnerabilities are som
[…]