China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure
Briefly

APT41, a Chinese cyber espionage group, has initiated a campaign focusing on government IT services in Africa, a region that has seen limited activity from this group. Kaspersky's investigation revealed that the attackers used hardcoded internal service names and embedded proxy servers within their malware. The campaign uses a compromised host to execute commands and establish communication with command-and-control (C2) servers, showcasing advanced techniques such as privilege escalation using harvested credentials and deployment of Cobalt Strike for C2 communication.
APT41 has initiated a campaign targeting government IT services in Africa, using hardcoded internal service names and embedded proxy servers in its malware.
Kaspersky identified suspicious activity within an organization's IT infrastructure, revealing a compromised host on which Impacket was used to execute commands, including commands related to C2 server availability.
Read at The Hacker News