Nation-State Actor
APT41 (Double Dragon)
China • Active since 2012
APT41 is a Chinese hacking group that works for the government but also commits financially motivated crimes on the side. They hack video game companies, hospitals, and telecom providers. They are unusual because most government hackers only conduct espionage, whereas this group also steals for personal profit.
Overview
APT41 is a Chinese state-sponsored threat group that conducts both espionage operations and financially motivated attacks. Unique among nation-state actors, they engage in cybercrime for personal gain alongside state-directed missions. They have targeted healthcare, telecom, technology, and video game industries.
Also Known As
Double Dragon, Barium, Winnti, Wicked Panda, Bronze Atlas
Target Industries
Healthcare, Telecom, Technology, Video Games, Finance, Travel
Target Regions
United States, Europe, Asia, Global
Tactics, Techniques & Procedures
- Supply chain compromise
- Exploitation of public-facing applications
- SMS interception
- Ransomware deployment
- Credential theft
Known Tools & Malware
CROSSWALK, MESSAGETAP, Cobalt Strike, DUSTPAN, DUSTTRAP, ShadowPad
Notable Campaigns
Telecom Network Intrusions (2019)
Compromised telecom providers to intercept SMS messages and call records.
Video Game Supply Chain Attack (2017)
Trojanized video game software updates affecting millions of users.
MITRE ATT&CK Techniques
T1195.002 (Compromise Software Supply Chain), T1190 (Exploit Public-Facing Application), T1566.001 (Spearphishing Attachment), T1059.001 (PowerShell), T1078 (Valid Accounts)
Defense Recommendations
1. Audit software supply chain vendors
2. Monitor for ShadowPad indicators
3. Implement SMS security for executives