July 11, 2024 at 08:40AM
APT41, a China-linked APT group, is suspected of using an advanced version of StealthVector to deliver a new backdoor named MoonWalk, utilizing Google Drive for C2 communication. This threat actor has been active since 2007 and has been linked to various cyber intrusions and attacks targeting U.S. and Taiwanese entities.
Based on the meeting notes, the key takeaway is that a China-linked advanced persistent threat (APT) group known as APT41 has been using a new variant of the known malware StealthVector, codenamed DodgeBox, to deliver a previously undocumented backdoor called MoonWalk. This backdoor shares evasion techniques with DodgeBox and uses Google Drive for command-and-control communication. Additionally, APT41 has been linked to various intrusion campaigns and attacks targeting government networks and media organizations. DodgeBox employs multiple evasion techniques and capabilities, making it challenging to detect.