Chinese state-backed hacking operation APT41 has compromised government IT services infrastructure in Africa in a new cyberespionage campaign, according to The Hacker News.
According to an analysis from Kaspersky, the intrusion began with the execution of Impacket's Atexec and WmiExec modules on several workstations in the organization's IT infrastructure. After a temporary lull in activity, APT41 stole privileged account credentials, used them to escalate privileges and move laterally across the network, and then deployed Cobalt Strike for command-and-control (C2) communications. Besides using internal Microsoft SharePoint servers for C2, APT41 deployed the information-stealing tools Pillager, Checkout, RawCopy, and Mimikatz for, respectively, credential theft, credit card data theft, raw registry file copying, and account credential dumping. "The attackers are quick to adapt to their target's infrastructure, updating their malicious tools to account for specific characteristics. They can even leverage internal services for C2 communication and data exfiltration," said Kaspersky researchers.
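The Impacket modules named above leave recognisable command-line artifacts in process-creation telemetry, which is the cheapest place to catch this stage of the intrusion. The following is an added detection example written for this brief; it is not Kaspersky's or the article's code. It matches the default command templates that wmiexec.py and atexec.py emit (the `1> \\127.0.0.1\ADMIN$\__<time>` redirect and the `%windir%\Temp\<random>.tmp` scheduled-task redirect), plus a generic, tool-agnostic hunt rule for command lines that name the SAM, SYSTEM or SECURITY hives, which raw-copy utilities read directly. The pipe-delimited log format and every sample record are constructed for the example.

```python
"""Flag Impacket wmiexec/atexec execution artifacts and raw registry-hive access
in process-creation telemetry (e.g. Sysmon Event ID 1 / Windows 4688).

Added example for this brief; the log format and sample lines are constructed."""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    host: str
    technique: str
    parent: str
    command_line: str


# Impacket wmiexec.py spawns (under WmiPrvSE.exe) a command of the form:
#   cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<unix-time> 2>&1
WMIEXEC_RE = re.compile(
    r"cmd\.exe\s+/Q\s+/c\s+.+?\s+1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+(?:\.\d+)?\s+2>&1",
    re.IGNORECASE,
)

# Impacket atexec.py registers a one-shot scheduled task (child of svchost.exe) running:
#   cmd.exe /C <command> > %windir%\Temp\<random>.tmp 2>&1
ATEXEC_RE = re.compile(
    r"cmd\.exe\s+/C\s+.+?\s+>\s*(?:%windir%|%SystemRoot%|[A-Za-z]:\\Windows)"
    r"\\Temp\\[A-Za-z0-9]+\.tmp\s+2>&1",
    re.IGNORECASE,
)

# Generic hunt rule (not tool-specific): any command line naming the SAM/SYSTEM/SECURITY
# hives, which tools such as RawCopy read directly to bypass the lock on live hives.
HIVE_RE = re.compile(r"\\System32\\config\\(?:SAM|SYSTEM|SECURITY)\b", re.IGNORECASE)

RULES = (
    ("impacket-wmiexec", WMIEXEC_RE),
    ("impacket-atexec", ATEXEC_RE),
    ("registry-hive-access", HIVE_RE),
)


def classify(command_line: str) -> Optional[str]:
    """Return the first matching technique label, or None for benign lines."""
    for label, pattern in RULES:
        if pattern.search(command_line):
            return label
    return None


def scan(log_text: str) -> List[Finding]:
    """Parse 'host|ParentImage|CommandLine' records (constructed format) and collect hits."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, parent_image, command_line = line.split("|", 2)
        technique = classify(command_line)
        if technique:
            parent_name = parent_image.rsplit("\\", 1)[-1]
            findings.append(Finding(host, technique, parent_name, command_line))
    return findings


# Constructed sample telemetry: three malicious records, two benign.
SAMPLE_LOG = r"""
WS-014|C:\Windows\System32\wbem\WmiPrvSE.exe|cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.12 2>&1
WS-003|C:\Windows\explorer.exe|"C:\Program Files\Mozilla Firefox\firefox.exe"
WS-021|C:\Windows\System32\svchost.exe|cmd.exe /C net user backup_svc P@ssw0rd /add > %windir%\Temp\qKfLsPoj.tmp 2>&1
WS-021|C:\Windows\System32\svchost.exe|cmd.exe /C "C:\Scripts\nightly_backup.cmd"
SRV-DC1|C:\Windows\System32\cmd.exe|C:\Windows\Temp\RawCopy.exe /FileNamePath:C:\Windows\System32\config\SAM /OutputPath:C:\Windows\Temp
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.host:8} {f.technique:22} parent={f.parent:14} {f.command_line}")
```

The parent image is carried into each finding because it is the second signal a triager wants: wmiexec children hang off WmiPrvSE.exe and atexec children off the Task Scheduler's svchost.exe, so a match with any other parent is either an operator who customised the template or a false positive. The atexec pattern is the noisiest of the three, since any admin script that redirects `cmd.exe /C` output into `%windir%\Temp\*.tmp` will trip it; the hive rule is also a hunting aid rather than a precise signature and should be tuned against known backup tooling.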




