APT41已从尘埃中崛起

APT41 Has Risen from the DUST SANS Cyber Threat 2024Chris Eastwood, MandiantSebastian Demmer, MandiantProprietary & ConfidentialProprietary & ConfidentialMandiantGoogle CloudContents01Introductions02APT41 Overview03Edge Device Exploitation04Historical Campaigns05Rise from the DUST06Key Takeaways2MandiantGoogle CloudProprietary & ConfidentialIntroductions3MandiantGoogle CloudProprietary & ConfidentialAPT41 Overview4APT41 is a Chinese state-sponsored group that conducts both espionage and cybercrime operations.This dual focus makes them unique compared to other threat actorsThey utilize custom malware and tools,demonstrating a high level of sophistication and resources. Some of their known tools include DEADEYE, LOWKEY, MURKYTOP, and now DUSTRAPAPT41 targets a wide range of industries,including healthcare, logistics, technology, andvideo games, for both intellectual property theft and financial gainThey have been observed exploiting vulnerabilitiesin popular software and services to gain