Close
LATEST
NATION
Politics
Defense
Diplomacy
Diaspora
Minorities
REGION
Turkic World
Middle East
Balkans
WORLD
Europe
Africa
Americas
Asia & Pacific
Conflicts
BUSINESS
Economy
Finance
Energy
Tourism
Tech
Automotive
LIFESTYLE
Education
Health
Environment
Travel
Food
Science
CULTURE
History
Cinema
Music
Events
Portraits
Reviews
SPORTS
Football
Basketball
Volleyball
Motorsports
OPINION
Columns
Op-Ed
Editorial
Reader’s Corner
VISUALS
Photo
Video
Infographic
newsletters Newsletters
X Instagram Youtube
Menu
Türkiye Today
Search
Search Close
business
Newsletters Newsletters
Search Close
LATEST
NATION
Politics
Defense
Diplomacy
Diaspora
Minorities
REGION
Turkic World
Middle East
Balkans
WORLD
Europe
Africa
Americas
Asia & Pacific
Conflicts
BUSINESS
Economy
Finance
Energy
Tourism
Tech
Automotive
LIFESTYLE
Education
Health
Environment
Travel
Food
Science
CULTURE
History
Cinema
Music
Events
Portraits
Reviews
SPORTS
Football
Basketball
Volleyball
Motorsports
OPINION
Columns
Op-Ed
Editorial
Reader’s Corner
VISUALS
Photo
Video
Infographic
Home Business

China-based APT41 hacks key industries in Türkiye, UK

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. (Reuters Photo)
Photo
BigPhoto
A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. (Reuters Photo)
By Newsroom
July 19, 2024 03:27 PM GMT+03:00

Several organizations in the shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Türkiye, and the U.K. have been targeted by the China-based hacking group APT41, as part of a "sustained campaign" of cyberattacks.

APT41 rises from dust

According to a report published by Google-owned Mandiant on Thursday, APT41 successfully infiltrated and maintained unauthorized access to numerous networks since 2023, allowing the extraction of sensitive data over an extended period.

The attacks carried out by APT41, also known by aliases such as Barium, Wicked Panda, and Winnti, highlight their ability to maintain covert operations over extended periods.

Mandiant highlighted the uniqueness of APT41 among China-nexus actors due to its use of "non-public malware typically reserved for espionage operations in activities that appear to fall outside the scope of state-sponsored missions."

The technical report also reveals APT41's reconnaissance activities targeting similar sectors in Singapore, suggesting a potential expansion of their attack vectors. This indicates an increased threat to other regions and industries.

Figure 1: Attack path diagram of observed APT41 attack source: Mandiant
Figure 1: Attack path diagram of observed APT41 attack source: Mandiant

Dual-role operations

APT41 is known for its dual-role operations, combining state-sponsored espionage with financially motivated intrusions. Their espionage activities focus on health care, high-tech, telecommunications, economically significant sectors, and sophisticated attack techniques.

Recent attacks have showcased APT41's sophisticated methods:

  • Web Shells on Tomcat Apache Manager Servers: Used to deploy a dropper and a backdoor for command-and-control communications.
  • DUSTTRAP framework: A multi-stage plugin framework that minimizes forensic traces.
  • Command-line utility: Exported stolen data from Oracle databases.
  • Payload design: Establishes communication channels with APT41-controlled infrastructure or compromised Google Workspace accounts.

Mandiant has published indicators of compromise and forensic data to aid organizations in identifying and mitigating APT41 infections.

Historical context and global impact

APT41’s hacking activities span over a decade, impacting thousands of organizations worldwide, including software and video gaming companies, governments, universities, think tanks, non-profits, and pro-democracy figures in Hong Kong.

Their operations extend across multiple countries, including the United States, Australia, Brazil, Chile, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.

Legal actions

In response to these activities, the U.S. Department of Justice has charged several Chinese nationals – Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan, and Fu Qiang – linking them to APT41's hacking operations.

July 19, 2024 03:27 PM GMT+03:00
More From Türkiye Today
Türkiye sees sharp 24.6% surge in residential natural gas prices starting July 2
Türkiye sees sharp 24.6% surge in residential natural gas prices starting July 2
Business Clock Icon 1 min read
Everyone becomes 'AK Party loyalist' until they’re not: Recurring pattern inside Türkiye’s main opposition
Everyone becomes 'AK Party loyalist' until they’re not: Recurring pattern inside Türkiye’s main opposition
Nation Clock Icon 7 min read
Turkish tennis player Zeynep Sonmez becomes first Turkish woman to reach Wimbledon 2nd round
Turkish tennis player Zeynep Sonmez becomes first Turkish woman to reach Wimbledon 2nd round
Sports Clock Icon 1 min read
Türkiye welcomes US decision to lift some sanctions on Syria
Türkiye welcomes US decision to lift some sanctions on Syria
Nation Clock Icon 1 min read
NATION
Politics
Defense
Diplomacy
Diaspora
Minorities
REGION
Turkic World
Middle East
Balkans
WORLD
Europe
Africa
Americas
Asia & Pacific
Conflicts
BUSINESS
Economy
Finance
Energy
Tourism
Tech
Automotive
LIFESTYLE
Education
Health
Environment
Travel
Food
Science
CULTURE
History
Cinema
Music
Events
Portraits
Reviews
SPORTS
Football
Basketball
Volleyball
Motorsports
OPINION
Columns
Op-Ed
Editorial
Reader’s Corner
VISUALS
Photo
Video
Infographic
About Us Newsletters Contact Us Jobs Privacy Advertise RSS
© 2025 Ihlas Media Group. All Rights Reserved