APT41 has run one of the most widespread cyber espionage campaigns in recent years for more customers worldwide.
From January to March, the hacker group tried to identify vulnerabilities in Cisco routers. The attacked companies are located on all continents and come among other things, from the financial environment, the defense industry and the healthcare system. But hackers were also targeting governments, universities, the manufacturing industries, as well as utilities. It is believed that these attacks by APT41 were also about stealing intellectual property. There are also indications that the attacks served to spy and monitor the targeted networks. However, it is unclear who was selected by APT41 for an attack and why.
APT are hacker groups that carry out professional operations against strategic goals for several years. This makes them suspicious of being supported by nation states or even being part of their secret services or armies. For the individual groups, IT security companies have come up with adventurous names. The US company FireEye simply numbered the groups classified in this way.
What Is Special About The Current Hackers?
They apparently not only spy, but also behave like ordinary cyber criminals. The FireEye experts evaluated the times when the hackers were active. They found that during their supposed end of the day they regularly tried to make profit from their hacking operations for their own wallets. They used software tools that were also used for their spy jobs. In one case, the spies first tried to manipulate a computer game company’s cryptocurrency that allowed players to buy virtual items within the game. When that didn’t work, the hackers installed ransomware on the company’s network, trying to extort ransom payments. To do this, they used blackmail software available.