APT41 is a Chinese state-sponsored threat actor that blends cyber espionage with financially motivated cybercrime, targeting healthcare, telecom and government organisations worldwide. In the campaign described here, APT41 staged its payload on a compromised Taiwanese government website and used Google Calendar as the command-and-control channel. The attack chain starts with a spear-phishing email carrying a link to a malicious ZIP archive, which leads to a three-stage malware family tracked as TOUGHPROGRESS (the tags below name its modules: PLUSDROP, PLUSINJECT and TOUGHPROGRESS). The chain relies on in-memory execution, encrypted payloads and process hollowing to evade detection. What sets TOUGHPROGRESS apart is its use of Google Calendar events for covert data exchange: the implant reads operator-created events to receive commands and writes results back as events, giving the operators remote command execution and data exfiltration over traffic that blends in with legitimate Google Workspace use.
Author: AlienVault
Related Tags:
PLUSINJECT
PLUSDROP
TOUGHPROGRESS
state-sponsored
T1102.003 (Web Service: One-Way Communication)
T1218.011 (System Binary Proxy Execution: Rundll32)
T1568.002 (Dynamic Resolution: Domain Generation Algorithms)
T1566.001 (Phishing: Spearphishing Attachment)
T1027.002 (Obfuscated Files or Information: Software Packing)
Associated Indicators:
SHA256:
469B534BEC827BE03C0823E72E7B4DA0B84F53199040705DA203986EF154406A
3B88B3EFBDC86383EE9738C92026B8931CE1C13CD75CD1CDA2FA302791C2C4FB
SHA1:
A04CFF8208769ECDC43E14291273C3A540199D07
A6A29946269107B9FD3BCD85386EF9D7438B7AE1
E7AD8D1D670757EBA247D4992AF54A9003E35A7D
MD5:
876FB1B0275A653C4210AAF01C2698EC
65DA1A9026CF171A5A7779BC5EE45FB1
2EC4EEEABB8F6C2970DCBFFDCDBD60E3
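The following hunting script is an added example; it is not part of the OTX pulse nor taken from Google's reporting on TOUGHPROGRESS. It embeds the hashes listed above (grouped by algorithm from their hex length) and runs three rules over constructed Sysmon-style log lines: a hash match against the indicators, rundll32.exe being handed a DLL from a user-writable path (T1218.011), and calendar.google.com being resolved by a process other than a browser or mail client (T1102.003). The log lines, the key=value log format, the host names, the allow-list of browser processes and the choice of svchost.exe as the suspicious requester are all assumptions made for the example; the page does not say which process the implant runs in.

```python
"""Hunting helper for the APT41 / TOUGHPROGRESS indicators on this page.

Added example, not code from the pulse or from Google. The hashes are the
ones listed on the page; SAMPLE_LOGS is constructed to exercise the rules
and is not real telemetry.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set

# Indicators copied from the pulse. Algorithm is inferred from hex length.
PULSE_INDICATORS = [
    "469B534BEC827BE03C0823E72E7B4DA0B84F53199040705DA203986EF154406A",
    "3B88B3EFBDC86383EE9738C92026B8931CE1C13CD75CD1CDA2FA302791C2C4FB",
    "A04CFF8208769ECDC43E14291273C3A540199D07",
    "A6A29946269107B9FD3BCD85386EF9D7438B7AE1",
    "E7AD8D1D670757EBA247D4992AF54A9003E35A7D",
    "876FB1B0275A653C4210AAF01C2698EC",
    "65DA1A9026CF171A5A7779BC5EE45FB1",
    "2EC4EEEABB8F6C2970DCBFFDCDBD60E3",
]
HASH_TYPES = {64: "sha256", 40: "sha1", 32: "md5"}

# Processes expected to contact Google Calendar in this (assumed) environment.
# Anything else resolving calendar.google.com is a T1102.003 candidate.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}

# Constructed Sysmon-like events, one per line, key=value with quoting for
# values that contain spaces. Not real logs.
SAMPLE_LOGS = r"""
Type=Process host=WS01 image=C:\Windows\System32\rundll32.exe cmdline="rundll32.exe C:\Users\bob\AppData\Local\Temp\plusdrop.dll,Entry" hash=SHA256:469B534BEC827BE03C0823E72E7B4DA0B84F53199040705DA203986EF154406A
Type=Process host=WS01 image=C:\Windows\System32\rundll32.exe cmdline="rundll32.exe shell32.dll,Control_RunDLL" hash=SHA256:0000000000000000000000000000000000000000000000000000000000000000
Type=Dns host=WS01 image=C:\Windows\System32\svchost.exe query=calendar.google.com
Type=Dns host=WS01 image="C:\Program Files\Google\Chrome\Application\chrome.exe" query=calendar.google.com
Type=Process host=WS02 image=C:\Windows\Temp\update.exe cmdline="update.exe" hash=MD5:876FB1B0275A653C4210AAF01C2698EC
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
USER_WRITABLE_RE = re.compile(r"\\(Users|Temp|ProgramData|AppData)\\", re.IGNORECASE)


def classify_indicators(indicators: List[str]) -> Dict[str, Set[str]]:
    """Group bare hex hashes by algorithm (sha256/sha1/md5) from their length."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for h in indicators:
        h = h.strip().upper()
        if not re.fullmatch(r"[0-9A-F]+", h) or len(h) not in HASH_TYPES:
            continue  # not a bare hash; ignore rather than misclassify
        out[HASH_TYPES[len(h)]].add(h)
    return dict(out)


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value event line; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt(log_text: str, indicators: List[str] = PULSE_INDICATORS) -> List[Dict[str, str]]:
    """Run the three rules over the log text and return one dict per hit."""
    known = set().union(*classify_indicators(indicators).values())
    alerts: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        host, image = ev.get("host", "?"), ev.get("image", "")
        # Rule 1: file hash equals a pulse indicator, whichever algorithm the
        # sensor recorded ("ALGO:HEX" is split on the last colon).
        hexval = ev.get("hash", "").rpartition(":")[2].upper()
        if hexval in known:
            alerts.append({"rule": "ioc_hash_match", "host": host, "detail": hexval})
        # Rule 2: rundll32 loading a DLL from a user-writable path (T1218.011).
        if basename(image) == "rundll32.exe" and USER_WRITABLE_RE.search(ev.get("cmdline", "")):
            alerts.append({"rule": "rundll32_user_path", "host": host, "detail": ev["cmdline"]})
        # Rule 3: calendar.google.com resolved by a non-browser process (T1102.003).
        if (ev.get("Type") == "Dns" and ev.get("query", "").lower() == "calendar.google.com"
                and basename(image) not in BROWSERS):
            alerts.append({"rule": "calendar_c2_candidate", "host": host, "detail": image})
    return alerts


if __name__ == "__main__":
    for algo, hashes in classify_indicators(PULSE_INDICATORS).items():
        print(f"{algo}: {len(hashes)} indicator(s)")
    for a in hunt(SAMPLE_LOGS):
        print(f"[{a['rule']}] {a['host']}: {a['detail']}")
```

Rule 3 is the one worth tuning before deployment: calendar.google.com is legitimate traffic on most networks, so the value is in the requesting process, not the domain. Pair it with a network-level check for Calendar API calls from hosts that have no Workspace users, and keep the hash rules as confirmation rather than the primary detection, since hashes change with every rebuild.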