CN · People's Republic of China · G0096

APT41

Also known as: G0096 · TA415 · Blackfly · Grayfly · LEAD · BARIUM · WICKED SPIDER · WICKED PANDA · BRONZE ATLAS · BRONZE EXPORT · Red Kelpie · G0044 · Earth Baku · Amoeba · HOODOO · Brass Typhoon · Winnti · Double Dragon · TG-2633 · Leopard Typhoon · APT41

Origin: CN
Known aliases: 21
Target sectors: 16
Attribution: State-sponsored

Profile

APT41 is a Chinese-attributed threat actor catalogued by MISP-Galaxy (MISP-Galaxy v341). The group is also tracked as G0096, TA415, Blackfly (and 17 more). Operational targeting focuses on the Automotive, Business, Services, Cryptocurrency, Education, Energy, Financial, Healthcare, High-Tech, Intergovernmental, Media and Entertainment, Pharmaceuticals, Private sector, Retail, Telecommunications, and Travel sectors. Documented victims include China, France, Hong Kong and 13 other named victims. Original record: APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control.

Aliases · 21

TA415 · Blackfly · Grayfly · LEAD · BARIUM · WICKED SPIDER · WICKED PANDA · BRONZE ATLAS · BRONZE EXPORT · Red Kelpie · Earth Baku · Amoeba · HOODOO · Brass Typhoon · Winnti · Double Dragon · TG-2633 · Leopard Typhoon · APT41
G0096 · G0044

Target sectors · 16

Automotive · Business · Services · Cryptocurrency · Education · Energy · Financial · Healthcare · High-Tech · Intergovernmental · Media and Entertainment · Pharmaceuticals · Private sector · Retail · Telecommunications · Travel

Known victims · 16

  • China
  • France
  • Hong Kong
  • India
  • Italy
  • Japan
  • Myanmar
  • Netherlands
  • Singapore
  • South Korea
  • South Africa
  • Switzerland

MITRE ATT&CK Group crosswalk

G0096

References

  1. https://securelist.com/winnti-faq-more-than-just-a-game/57585/
  2. https://securelist.com/winnti-more-than-just-a-game/37029/
  3. http://williamshowalter.com/a-universal-windows-bootkit/
  4. https://www.microsoft.com/security/blog/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/
  5. https://securelist.com/games-are-over/70991/
  6. https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
  7. https://www.dw.com/en/thyssenkrupp-victim-of-cyber-attack/a-36695341
  8. https://www.bleepingcomputer.com/news/security/teamviewer-confirms-undisclosed-breach-from-2016/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • Actor: APT4
  • Actor: APT22
  • Actor: APT31
  • Actor: APT15
  • Actor: APT21
  • Actor: APT27

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.