Alias Description | Votes |
---|---|
Barium is a possible alias for APT41. Barium, also known as BRONZE ATLAS or APT41, is a threat actor that has been associated with various malicious activities. Originating from China and active since at least 2007, this group has been implicated in cyberespionage efforts targeting multiple sectors across the globe. In 2017, according t | 6 |
Winnti is a possible alias for APT41. Winnti, a notorious threat actor group, has been linked to several sophisticated cyber-espionage activities. First identified by Kaspersky in 2013, it is believed that the group has been active since at least 2007, primarily targeting software supply chains to spread malware. Winnti is part of the A | 5 |
DragonEgg is a possible alias for APT41. DragonEgg is a malware associated with the notorious Chinese Advanced Persistent Threat (APT) group, APT41. This malicious software was developed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. The malware has been linked to surveillance | 4 |
Wyrmspy is a possible alias for APT41. WyrmSpy is a sophisticated malware attributed to the Chinese espionage group APT41, also known as Double Dragon, BARIUM, and Winnti. This harmful software, designed to exploit and damage computer systems or devices, infects systems through suspicious downloads, emails, or websites, often without use | 4 |
KEYPLUG is a possible alias for APT41. KeyPlug is a sophisticated malware developed by APT41, also known as the Chinese RedGolf Group. It's written in C++ and supports multiple network protocols for command and control (C2) traffic, including HTTP, TCP, KCP over UDP, and WSS. The malware was primarily used to target Windows systems, spec | 4 |
Wicked Panda is a possible alias for APT41. Wicked Panda, also known as APT41, Double Dragon, and Brass Typhoon, is a China state-sponsored threat actor identified by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center as one of the top cybersecurity threats. The group, which has been linked to multipl | 4 |
Hoodoo is a possible alias for APT41. HOODOO, also known as APT41 and numerous other aliases, is a Chinese-origin cyber threat group recognized for its extensive cyber espionage and cybercrime campaigns. The group, which has potential ties to the Chinese government, targets various sectors with complex campaigns aimed at exfiltrating se | 4 |
Winnti Group is a possible alias for APT41. The Winnti Group, a threat actor associated with the Chinese state-sponsored hacking activities, has been active since at least 2007, according to researchers from Kaspersky Lab who first identified the group in 2013. The group initially gained notoriety for its attacks on computer game developers a | 3 |
Earth Longzhi is a possible alias for APT41. Earth Longzhi, a suspected subgroup of the notorious APT41, has reemerged after months of inactivity and is now attacking organizations across various industries in Southeast Asia. This group had been on hiatus since its last campaign which ran from August 2021 to June 2022. Trend Micro's investigat | 3 |
Blackfly is a possible alias for APT41. Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz | 3 |
Mustang Panda is a possible alias for APT41. Mustang Panda, a known Chinese advanced persistent threat (APT) group, has been identified as the likely perpetrator behind a sophisticated, ongoing cyber-espionage campaign. The group, also known as Stately Taurus, Bronze President, RedDelta, Luminous Moth, Earth Preta, and Camaro Dragon, has a 12- | 2 |
Redgolf is a possible alias for APT41. RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the | 2 |
Volt Typhoon is a possible alias for APT41. Volt Typhoon, a threat actor group reportedly linked to China, has been identified as a significant cybersecurity concern due to its sophisticated techniques and apparent focus on critical infrastructure. The group's operations have been marked by strong operational security and the use of obfuscati | 2 |
Longzhi is a possible alias for APT41. Earth Longzhi, a subgroup within the notorious APT41 cyber espionage group, has re-emerged after months of dormancy, according to cybersecurity researchers at Trend Micro. The threat actor has been known for its malicious activities since 2020 and has recently targeted organizations in Taiwan, Thail | 2 |
Earth Baku is a possible alias for APT41. Earth Baku, a threat actor identified in the cybersecurity landscape, has been executing actions with malicious intent, posing significant challenges to cybersecurity defenses. This entity could comprise a single person, a private company, or part of a government entity. Earth Baku is known for u | 2 |
Double Dragon is a possible alias for APT41. Double Dragon, also known as APT41, Winnti, or Barium, is a prominent Advanced Persistent Threat (APT) group believed to have originated from China. As a threat actor, Double Dragon represents a human entity with the intent to execute actions of a malicious nature. The group has been identified by t | 2 |
Lightspy is a possible alias for APT41. LightSpy, a notable threat actor in the cybersecurity landscape, has renewed its espionage campaign, primarily targeting South Asia. This group, which could be an individual, a private company, or part of a government entity, is known for executing actions with malicious intent. The latest wave of a | 2 |
Brass Typhoon is a possible alias for APT41. Brass Typhoon, previously known as Barium, is a threat actor group originating from China. The group has been involved in numerous software-supply-chain attacks globally, making it one of the most active and threatening groups in this domain. Brass Typhoon uses sophisticated techniques and tools to | 2 |
Daggerfly is a possible alias for APT41. DaggerFly, also known as Evasive Panda and StormBamboo, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group is renowned for its use of the custom MgBot malware framework, which it leverages to conduct cyberespionage activities against indi | 2 |
Axiom is a possible alias for APT41. Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventi | 2 |
Bronze Atlas is a possible alias for APT41. Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a s | 2 |
Earth Estries is a possible alias for APT41. Earth Estries is a cyberespionage group, or threat actor, that has targeted government entities and tech firms across the globe, including in the US, Germany, South Africa, Asia, Malaysia, the Philippines, and Taiwan. While the exact origin of Earth Estries remains unclear, there are indications sug | 2 |
Association Description | Association Type | Votes |
---|---|---|
The ShadowPad Malware is associated with APT41. ShadowPad is a modular malware that has been utilized by various Chinese threat actors since at least 2017. It's a malicious software designed to infiltrate computer systems, often without the user's knowledge, and can cause significant damage by stealing personal information, disrupting operations, | Unspecified | 6 |
The ZxShell Malware is associated with APT41. ZXShell is a malicious software (malware) that has been used by various cyber threat actors to exploit and damage computer systems. It is known to be associated with other malware such as PANDORA, SOGU, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, QIAC, Gh0st, Poison Ivy, BEACON, HOMEUNIX, STEW, among o | Unspecified | 5 |
The PlugX Malware is associated with APT41. PlugX is a malicious software (malware) known for its stealthy operations. It has been linked to several cyberattacks, and its use has been attributed to various threat groups, including Winnti and Mustang Panda. The malware leverages DLL side-loading to remain undetected, making it a potent tool in | Unspecified | 2 |
Association Description | Association Type | Votes |
---|---|---|
The Lancefly Threat Actor is associated with APT41. Lancefly, a threat actor potentially associated with China, has been identified as the group behind an ongoing cyberespionage campaign targeting organizations in South and Southeast Asia. The targets include government bodies, aviation companies, educational institutions, and telecommunication secto | Unspecified | 5 |
The GALLIUM Threat Actor is associated with APT41. Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas | Unspecified | 3 |
The I-Soon Threat Actor is associated with APT41. i-Soon, also known as Anxun, is a threat actor identified as a private industry contractor for the Chinese Ministry of Public Security (MPS). The company has recently been implicated in a massive data leak that surfaced on GitHub. As elaborated by Tom Uren and Catalin Cimpanu, i-Soon frequently init | Unspecified | 3 |
The Redfly Threat Actor is associated with APT41. RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significan | Unspecified | 2 |
The Earth Freybug Threat Actor is associated with APT41. Earth Freybug is a threat actor that has been active since at least 2012, engaging in cyber espionage and financially motivated activities. It's considered a subset of APT41, a collective of Chinese threat groups known by various names such as Winnti, Wicked Panda, Barium, and Suckfly. Earth Freybug | is related to | 2 |
The Emerald Sleet Threat Actor is associated with APT41. Emerald Sleet, a threat actor associated with North Korea, has been identified as a significant player in cyber espionage. This group is known for its sophisticated use of artificial intelligence and large language models (LLMs), leveraging them to enhance spear-phishing campaigns, research public | Unspecified | 2 |
The Thallium Threat Actor is associated with APT41. Thallium, also known as Kimsuky, APT43, Velvet Chollima, and Black Banshee, is a significant threat actor that has been active since at least 2012. This group, believed to be operating on behalf of the North Korean regime, conducts intelligence collection and uses cybercrime to fund espionage activi | Unspecified | 2 |
The Lazarus Group Threat Actor is associated with APT41. The Lazarus Group, a threat actor commonly associated with North Korea, has been implicated in numerous cyber attacks and exploitations over the years. This group is known for its sophisticated techniques and high-profile targets, including the infamous $600 million Ronin sidechain exploit in 2022. | Unspecified | 2 |
The Apt43 Threat Actor is associated with APT41. APT43, also known as Kimsuky, is a North Korean state-sponsored Advanced Persistent Threat (APT) group that poses significant concerns for various sectors, notably the U.S. healthcare and public health sector. This group conducts intelligence collection and has been known to use cybercrime to fund e | Unspecified | 2 |
The APT1 Threat Actor is associated with APT41. APT1, also known as Unit 61398 or Comment Crew, is a notorious cyber-espionage group believed to be part of China's People's Liberation Army (PLA) General Staff Department's 3rd Department. This threat actor has been linked with several high-profile Remote Access Trojans (RATs), enabling them to tak | is related to | 2 |
Association Description | Association Type | Votes |
---|---|---|
The CVE-2021-44207 Vulnerability is associated with APT41. CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported | Unspecified | 2 |
The CVE-2021-44228 Vulnerability is associated with APT41. CVE-2021-44228, also known as the Log4Shell vulnerability, is a significant flaw in Apache's Log4j software. Disclosed in December 2021, it quickly became one of the most severe bugs due to its widespread usage and potential for exploitation. Various Advanced Persistent Threat (APT) actors attempted | Unspecified | 2 |
Source | Created At |
---|---|
DARKReading | 13 days ago |
Checkpoint | 13 days ago |
DARKReading | 16 days ago |
BankInfoSecurity | 22 days ago |
BankInfoSecurity | a month ago |
Securityaffairs | a month ago |
Fortinet | a month ago |
DARKReading | a month ago |
Securityaffairs | 2 months ago |
DARKReading | 2 months ago |
Securityaffairs | 2 months ago |
Securityaffairs | 2 months ago |
DARKReading | 2 months ago |
Securityaffairs | 2 months ago |
Checkpoint | 2 months ago |
Securityaffairs | 2 months ago |
DARKReading | 2 months ago |
DARKReading | 3 months ago |
Checkpoint | 3 months ago |
DARKReading | 3 months ago |