Tag: apt41

In late October 2024, a government website was discovered hosting malware targeting multiple government entities. The malware, dubbed TOUGHPROGRESS, utilized Google Calendar for command and control. Attributed to APT41, a PRC-based actor, the campaign targeted global organizations in various sector…

The article analyzes a cluster of network infrastructure associated with KEYPLUG, attributed to a suspected Chinese state-sponsored actor known as RedGolf or APT41. By examining historical TLS certificates and server configurations, researchers uncovered ongoing activity and links to recent operati…

The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malware and legitimate tools to maintain persistent access to compromised networks while evading detection. Key techniques include DNS tunneling, domain fronting, and steganogr…