Stormsec

APT41 World Tour 2021 on a tight schedule

In March 2022 one of the oldest state-sponsored hacker groups, APT41, breached government networks in six US states, including by exploiting a vulnerability in a livestock management system, Mandiant investigators have reported.

ADVERSARY: APT41

MALWARE FAMILIES: Cobalt Strike, StealthMutant

ATT&CK IDS: T1055 - Process Injection, T1195 - Supply Chain Compromise, T1187 - Forced Authentication, T1490 - Inhibit System Recovery, T1068 - Exploitation for Privilege Escalation, T1189 - Drive-by Compromise, T1110 - Brute Force, T1566 - Phishing, T1104 - Multi-Stage Channels, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1012 - Query Registry, T1016 - System Network Configuration Discovery, T1018 - Remote System Discovery, T1027 - Obfuscated Files or Information, T1041 - Exfiltration Over C2 Channel, T1046 - Network Service Scanning, T1047 - Windows Management Instrumentation, T1049 - System Network Connections Discovery, T1053 - Scheduled Task/Job, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1069 - Permission Groups Discovery, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1087 - Account Discovery, T1090 - Proxy, T1105 - Ingress Tool Transfer, T1124 - System Time Discovery, T1135 - Network Share Discovery, T1190 - Exploit Public-Facing Application, T1222 - File and Directory Permissions Modification, T1482 - Domain Trust Discovery, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1550 - Use Alternate Authentication Material, T1552 - Unsecured Credentials, T1555 - Credentials from Password Stores, T1560 - Archive Collected Data, T1562 - Impair Defenses, T1569 - System Services, T1570 - Lateral Tool Transfer, T1596 - Search Open Technical Databases, T1602 - Data from Configuration Repository
