TLDR:
- China’s APT41 targeted a Taiwan research institute for cyber espionage
- APT41 gained initial access in July 2023 and used various malware tools
China’s APT41 targeted a government-affiliated institute in Taiwan that focuses on advanced computing and related technologies. The intrusion began in July 2023, with APT41 gaining initial access through unspecified means. The threat actor used malware tools like ShadowPad, Cobalt Strike, and a custom loader to steal research data. APT41 is a China-linked group known for cyber espionage and financially motivated cyber attacks.
Key Points:
- China’s APT41, a state-sponsored group, compromised a Taiwan research institute for cyber espionage, targeting advanced computing research.
- The intrusion started in July 2023, with APT41 using malware tools such as ShadowPad and Cobalt Strike to steal research data.
- APT41 is part of a collective of China-nexus threat groups that has conducted cyber espionage globally since 2012, targeting sectors including technology, entertainment, and automotive.
- Researchers at Cisco Talos discovered APT41’s intrusion after noticing abnormal activity involving PowerShell scripts in the victim’s network environment last year.
- The attackers used the ShadowPad remote access Trojan and the Cobalt Strike post-compromise tool to map the victim network and harvest credentials.
- The attackers also used steganography to hide Cobalt Strike beacon shellcode inside an image file in order to evade antivirus detection.
- APT41’s attack on the Taiwan research institute highlights the value of academic research as a target for threat actors seeking to obtain proprietary technologies.
- The group used multiple cyber espionage tools to breach three systems in the victim’s environment and steal research documents, demonstrating a sophisticated and persistent threat.