Student 1 Week 13: Short Essay

An Advanced Persistent Threat (APT) uses continuous, sophisticated hacking techniques to gain access to a system and remain there for a long period of time, potentially causing serious damage (Kaspersky). APT41 is a group of hackers running a dual espionage and cybercrime operation that the cyber security company FireEye has attributed to China. The group does not target only the United States; it has also attacked organizations in Western Europe, Africa, and India. Its activity has been dated back to 2012 and continued as recently as the beginning of 2020. APT41's operations include gaining access to the healthcare, high-tech, and telecommunications sectors and stealing intellectual property. The group also tracks individuals and gathers surveillance through operations against higher education, travel services, and news/media firms. FireEye believes that many of its operations are not carried out on Chinese orders but for personal financial gain, which is unprecedented for a Chinese APT: for example, targeting video game companies by stealing source code, manipulating virtual currency, and deploying ransomware. The group has also inserted malicious code into software companies' products so that it is distributed to customers along with legitimate updates (FireEye). After 2015 there is no evidence of direct intellectual property theft, which suggests that APT41 is shifting toward strategic intelligence collection and maintaining access. Its own financially motivated operations have not ceased, as the group is capable of running them at the same time as its espionage operations for China.

In 2014 the group stopped operating solely against video games and began targeting healthcare, then added a new sector each year: media in 2015, energy in 2016, software and automotive in 2017, and finance and travel in 2018. In 2019 it targeted only the education, telecommunications, and high-tech industries (FireEye). At the beginning of 2020, APT41 carried out a global campaign across 20 countries, including the United States, on a scale that Chinese groups have not shown in recent years. Industries targeted included healthcare, finance, telecommunications, media, high-tech, government, the fossil fuel industry, and many more. The group's goal was to find and exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central. It succeeded in exploiting the Cisco routers, breaching the network and executing code remotely on the target devices. Against Zoho ManageEngine Desktop Central, it gained access to five organizations out of at least twelve that were attacked. APT41 is known to hold back its more advanced attacks and send weaker ones first as reconnaissance, to learn which openings and systems are available. FireEye still views the group as a high priority to track (Glyer).

It is interesting that in 2019 there was no evidence of video game operations, and that at the start of 2020 the group conducted one of its biggest campaigns in years. This may mean the group is concentrating more on operations for China and devoting more resources to them. The year has just started, and there is reason to believe more attacks are coming, and not only against America. It is also important to note that during China's Covid-19 lockdown there was a break in the intrusions, which suggests that if America goes into lockdown there will be a period of time when we are more vulnerable.

References

FireEye. (n.d.). Double Dragon: APT41, a Dual Espionage and Cyber Crime Operation [Report]. Retrieved from https://content.fireeye.com/apt-41/rpt-apt41/

Glyer, C. (2020, March 25). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved from https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html

Kaspersky. (n.d.). What Is an Advanced Persistent Threat (APT)? Retrieved from https://www.kaspersky.com/resource-center/definitions/advanced-persistent-threats