APT41 is a group that carries out Chinese state-sponsored espionage as well as financially motivated activity. APT41 has been active since as early as 2012. The group has been observed targeting the healthcare, telecom, technology, and video game industries in 14 countries.
The group is known to target technology and video game companies in order to compromise their software supply chains and insert a backdoor into their products, and it is reported to be behind the infamous ShadowPad backdoor, first inserted into NetSarang software. The group has also been observed inserting malicious code into legitimate video game files to distribute malware.
Techniques used:

| Domain | ID | Sub-ID | Name |
|---|---|---|---|
| Enterprise | VT0012 | .001 | Command and Scripting Interpreter: Unix Shell |
| Enterprise | VT0003 | | Exploit Public-Facing Application |
| Enterprise | VT0002 | | External Remote Services |
| Enterprise | VT0018 | .001 | Input Capture: Keylogging |
| Enterprise | VT0024 | | Network Service Scanning |
| Enterprise | VT0016 | .002 | Subvert Trust Controls: Code Signing |
| Enterprise | VT0004 | .002 | Supply Chain Compromise: Compromise Software Supply Chain |
Software:

| ID | Name | Description | Techniques |
|---|---|---|---|
| VS0008 | ShadowPad | APT41 is reported to be behind the infamous modular backdoor ShadowPad, which was first discovered in the software supply chain compromise of NetSarang software. | Supply Chain Compromise: Compromise Software Supply Chain |
Created: 27 April 2021
Last Modified: 06 May 2021