APT41 Has Risen from the DUST
SANS Cyber Threat 2024
Chris Eastwood, Mandiant
Sebastian Demmer, Mandiant
Mandiant / Google Cloud
Proprietary & Confidential

Contents
01 Introductions
02 APT41 Overview
03 Edge Device Exploitation
04 Historical Campaigns
05 Rise from the DUST
06 Key Takeaways

Introductions

APT41 Overview
APT41 is a Chinese state-sponsored group that conducts both espionage and cybercrime operations. This dual focus makes them unique compared to other threat actors.
They utilize custom malware and tools, demonstrating a high level of sophistication and resources. Some of their known tools include DEADEYE, LOWKEY, MURKYTOP, and now DUSTRAP.
APT41 targets a wide range of industries, including healthcare, logistics, technology, and video games, for both intellectual property theft and financial gain.
They have been observed exploiting vulnerabilities in popular software and services to gain initial access to target networks.
APT41 has a history of targeting individuals of interest, even using malware to compromise their personal devices.

What is interesting about APT41?
Duality of state-sponsored and independent cybercrime operations
Consistent interest in targeting the video game industry
Operations motivated simultaneously by intelligence gathering and financial gain
Suite of custom, non-public malware
Espionage activity matches China's "996" work schedule, but financially motivated operations (video game targets) occur overnight
Some overlap in samples used against both kinds of target

Victimology
Targeted countries: USA, United Kingdom, France, Italy, Turkey, Taiwan, Thailand, Japan

Historical