Overview: APT41, also known as Brass Typhoon. Espionage targeting healthcare, telecoms, and the high-tech sector, with a target of stealing intellectual property and conducting surveillance against its victims.

Suspected Attribution: China-based

Target Sectors: This threat actor steals intellectual property through intrusions, seeks manipulation of virtual currencies and deployment of ransomware. Ops against higher education, travel services, and news/media all hint the group tracks individuals and conducts surveillance.

Attack Vectors: Spearphishing emails with attachments like compiled HTML (.chm) files for initial compromise. Once inside, they use backdoors, credential stealers, keyloggers, rootkits, and Master Boot Record (MBR) bootkits to hide and maintain persistence.

Associated Malware: At least 46 different code families and tools.

Related Terms

Advanced Persistent Threat (APT)

An Advanced Persistent Threat (APT) is a targeted and prolonged cyber attack by skilled attackers who gain ...

Anti-Phishing

Techniques and mechanisms implemented in SWGs to detect and block phishing attacks, which attempt to deceive users ...

API Attack Surface

The set of all endpoints and functions exposed by an application programming interface (API) that could be ...

APT35

Overview: APT35, also known as Charming Kitten, Newscaster, or Mint Sandstorm, conducts long-term, ...

APT39

Overview: APT39, also known as Chafer, surveils individuals and entities considered to be a threat to Iranian ...

Aquatic Panda

Overview: Aquatic Panda collects intelligence and conducts industrial espionage. Suspected Attribution: ...

Attack Surface

The total sum of all potential points or areas in a system, network, or application that are susceptible to ...

Attack Surface Analysis

The process of evaluating and understanding the various entry points and potential weaknesses in a system or ...

Attack Surface Reduction

Strategies and practices aimed at minimizing the overall attack surface by eliminating unnecessary services, ...

Backdoor

A hidden entry point or mechanism intentionally left in a system by developers or attackers to bypass security ...

Bandwidth Control

The ability to manage and allocate network bandwidth for web traffic, ensuring optimal performance and preventing ...

Banyan Threat Protection

Banyan Threat Protection is a section within the ITP Policy page, in which an admin can block threats from end ...