- An APT41 member hacked more than 100 victims,
- APT41 compromised plenty of smaller software packages to gain its access,
- People should deal with trusted AV players.
The U.S. Department of Justice charged a member of the APT41 group, who ran the Chinese antivirus vendor Anvisoft, with hacking more than a hundred victims globally. The group applied its skills to attack software providers' customers through supply chain attacks.
Tan DaiLin, one of the APT41 group members charged, was the subject of a 2012 KrebsOnSecurity investigation into his ties to the whitelisted AV vendor Anvisoft. It took 7 years until he was initially charged, in August 2019; by then Tan DaiLin and his team had been operating for years, and in 2020 the group continued its operations. APT41 compromised plenty of smaller software titles to gain its access.
The cohort's attacks included supply chain attacks, where legitimate software providers were compromised and their code modified to facilitate further intrusions against the software providers' customers. It makes sense that they would put the same code into Anvisoft's product to facilitate access to customer networks. People should have a layered security strategy in place to detect abnormally behaving software on their endpoints.
The U.S. Department of Justice release did not mention any specific involvement of the AV software, but given APT41's use of supply chain attacks, the news of APT41 members being indicted shows that people choosing a vendor may end up in trouble. Therefore people should stick with known AV players rather than free AV. Microsoft Defender is good enough for the protection of software.
Hackers are operating tirelessly to attack and damage systems and software, so people should always use security awareness training to stop users from downloading malicious apps, and should consult trusted IT experts for help.