APT41 Now Targeting Southeast Asian Entities With New Malware

silversurfer

Actors of the APT41 group have been observed by researchers at Trend Micro in a new campaign targeting India, Indonesia, Malaysia, Taiwan, Vietnam, and the Philippines. The sophisticated hackers are using novel shellcode loaders such as ‘StealthVector’ and ‘StealthMutant’, and a new backdoor dubbed ‘ScrambleCross’.

As the technical report reveals, the campaign goes as far back as July 2020, but APT41 has been updating its exploit methods and toolset along the way. The only tool that has remained stable since November 2018 is Cobalt Strike, the widely abused threat emulation software.
The attack vectors are the following:
  • SQL injection through a script into the MS SQL Server
  • Exploitation of the CVE-2021-26855 (MS Exchange Server ProxyLogon) to upload a malicious web shell
  • Addition of the “InstallUtil.exe” installer app into the scheduled tasks
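The third vector above, persistence through a scheduled task that runs InstallUtil.exe, is straightforward to hunt for in the output of `schtasks /query /v /fo csv`. The script below is an added example, not part of the original post or of Trend Micro's report; the host, task names and paths in the sample CSV are constructed, and only a few of the real command's columns are kept.

```python
import csv
import io
import re
from typing import Dict, List

# Constructed sample of `schtasks /query /v /fo csv` output, trimmed to four of
# the real columns. Host name, task names and file paths are hypothetical.
SAMPLE_SCHTASKS_CSV = """\
"HostName","TaskName","Task To Run","Run As User"
"WS01","\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","%windir%\\system32\\defrag.exe -c -h -o -$","SYSTEM"
"WS01","\\Updater","C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe /logfile= /LogToConsole=false /U C:\\ProgramData\\upd\\svc.dll","SYSTEM"
"WS01","\\OneDrive Standalone Update Task","C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe","WS01\\bob"
"""

# Match installutil.exe as a whole file name, case-insensitively, whether it is
# written with a full path, quoted, or bare.
INSTALLUTIL_RE = re.compile(r'(?i)(?:^|[\\/\s"])installutil\.exe\b')


def find_installutil_tasks(schtasks_csv: str) -> List[Dict[str, str]]:
    """Return one finding per scheduled task whose action runs InstallUtil.exe.

    Legitimate software almost never schedules InstallUtil.exe, so every hit is
    worth a look; the assembly it is pointed at is what to pull for analysis.
    """
    findings: List[Dict[str, str]] = []
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        action = row.get("Task To Run", "")
        if not INSTALLUTIL_RE.search(action):
            continue
        # InstallUtil takes /switches followed by the assembly path, so the
        # last token that is not a switch is the assembly. Assumes the
        # executable path itself contains no spaces (true for the .NET
        # Framework directories).
        tokens = action.split()
        positional = [t for t in tokens[1:] if not t.startswith("/")]
        findings.append({
            "host": row.get("HostName", ""),
            "task": row.get("TaskName", ""),
            "run_as": row.get("Run As User", ""),
            "assembly": positional[-1] if positional else "",
            "action": action,
        })
    return findings


if __name__ == "__main__":
    for hit in find_installutil_tasks(SAMPLE_SCHTASKS_CSV):
        print(f"{hit['host']}: task {hit['task']} runs as {hit['run_as']} "
              f"-> InstallUtil loads {hit['assembly']}")
```

On a live host, pipe the real `schtasks /query /v /fo csv` output into `find_installutil_tasks` instead of the sample; the column names are the same.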