Threat Actor: APT 41; aka “Double Dragon”, "Wicked Panda", "BARIUM", "Winnti"
Date of Activity: ~2012-Present
Area of Operations: Global
Overview: APT 41, also known as Double Dragon, is a sophisticated cyber espionage group that has been active since at least 2012. It is believed to be operating out of China and has been linked to a number of high-profile cyber-attacks against organizations around the world.
APT 41 is known for its advanced tactics, techniques, and procedures (TTPs), which allow it to evade detection and successfully compromise targeted systems. It has been observed using a variety of tools and techniques, including custom malware, exploit kits, and spear phishing campaigns, to gain access to its targets.
Once inside a target network, APT 41 is known to operate stealthily, gathering intelligence and exfiltrating data over extended periods of time without being detected. It has been linked to several high-profile cyber-attacks against government, military, and commercial organizations, including attacks against companies in the gaming, telecom, and healthcare industries.
APT 41 received its name 'Double Dragon' as it is suspected that the group conducts operations for the Chinese Government by day and conducts financially motivated hacking operations by night, with the Chinese Government not publicly deterring Double Dragon actors from conducting these financially motivated operations.
APT 41 is a highly advanced and persistent threat, and it is likely to continue to pose a significant risk to organizations around the world.
• Nation-state tool set; to include exploits, implants, and RATs
• Custom malware and exploit kits specific to targets
• Sophisticated Social engineering
• The creation of fake organizations and brands to evoke legitimacy
• Supply-chain interdiction and attacks
• Human enabled access
• Credential stuffing and re-use
• Pitching initial access to themselves for financial gain after espionage is conducted; hence ‘Double Dragon’